The Role of Contracts in Privacy, Cybersecurity, and Data Breach
Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Texas Bar CLE's Making and Breaking Iron-Clad Contracts course in Austin, Texas on March 6, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
Shawn Tuma delivered this presentation on April 9, 2019, at the Oklahoma State University 4th Annual Cyber Security Conference in Oklahoma City, Oklahoma.
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of cybersecurity and data breach cases that have helped him understand the real-world risks companies face and the practical things they can do to prioritize their resources and effectively manage cyber risk. In this presentation, he will share his experience on issues such as:
· Why cybersecurity is an overall business risk issue that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and how personalities and psychology can impact that team
· The most likely real-world risks that most companies face
· How to prioritize limited resources to effectively manage the most likely real-world risks
· What is reasonable cybersecurity
· How to develop, implement, and mature a cyber risk management program
· Why cyber insurance is a critical component of the cyber risk management process
Real World Cyber Risk. Understand it. Manage it.
Shawn Tuma
Renaissance Executive Forums 2019 CEO Summit presentation by Shawn E. Tuma, Co-Chair, Data Privacy & Cybersecurity Group, Spencer Fane, LLP
March 7, 2019
Dallas, Texas
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Shawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Southern Methodist University Digital Branding Class on October 27, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Northwestern State University's Fall Continuing Legal Education Conference on November 18, 2020.
The Legal Case for Cyber Risk Management Programs and What They Should Include
Shawn Tuma
Spencer Fane LLP Cybersecurity and Data Privacy attorney Shawn Tuma delivered "The Legal Case for Cyber Risk Management Programs and What They Should Include" at the Texas Society of Certified Public Accountants' TSCPA CPE 2018 CPE Expo Conference on November 30, 2018, in Addison, Texas.
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Shawn Tuma
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...
centralohioissa
This session will provide details on the new law and its requirements, as well as address the current threat landscape, summarize existing data security laws in the U.S., discuss the new EU cyber directive, and continued impact of the Safe Harbor decision. We will disentangle these regulatory changes and challenges and provide tips and tricks for compliance.
Chair: Ewan Quibell, management systems and service leader, Jisc.
16:55-17:35 - Ransomware briefing
Speaker: Adrian Louth, Fortinet.
Ransomware became headline news in 2016 and looks to remain as the top security concern for all organisations in all sectors. Starting with a review of 2016 we’ll discuss the motives and behaviour of the cyber criminals behind this growing threat and try and get into their mindset.
We’ll look at what strategies can limit the impact of this threat including whether to pay is ever right. We will introduce a real life example and how Fortinet’s Security Fabric has effectively stopped the threat and we will look at what’s next in ransomware.
The goal of this session is to be interesting and informative and to build insight for the audience to prioritise and take effective actions to minimise the risk and exposure this threat causes.
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Shawn Tuma
Presentation to the Association of Continuity Professionals, North Texas Chapter, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns.
A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes.
Part 2: Firewall Logs
Part 2 of the series shifted our attention to the periphery of a network to focus on how firewalls serve as a first line of defense against security threats. In addition to discussing the patterns of attack which have been demonstrated countless times by hackers, we showed how firewall log data can give notice of attempts at infiltrating a network, exfiltrating data, and more. Beyond that, we discussed how Network Change and Configuration Management solutions can also contribute to deeper IT security by helping to alert to config. changes on firewalls - and other network devices - in addition to a host of other capabilities which can help with this cause.
Other Security Kung Fu Events:
Part 1: SIEM Solutions | http://bit.ly/2qkwVWh
Part 3: Active Directory Changes | http://bit.ly/2s5kFFc
Part 4: Security vs. Compliance | http://bit.ly/2qXuc3I
If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn.
Acknowledgements
I’d like to thank the following individuals for assisting me in the execution of this campaign:
Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia
The Science and Art of Cyber Incident Response (with Case Studies)
Kroll
In this joint presentation for the ISSA-LA Summit X in Los Angeles, Jennifer Rathburn, a cybersecurity and data privacy law expert at Foley & Lardner LLP and William Dixon, Associate Managing Director in Kroll's Cyber Risk practice, highlight three incident response scenarios and tips on breach preparation and response.
To learn more, contact Jennifer or William at:
Jennifer Rathburn, Foley & Lardner LLP
jrathburn@foley.com; 414-297-5864
William Dixon, Kroll, a Division of Duff & Phelps
william.dixon@kroll.com; 213-247-3973
This document provides an introduction to risk analysis for information security. It discusses key concepts like risk, scales of measurement, possibility vs probability, precision vs accuracy, and using data fit for purpose. It then uses a data breach as a use case to demonstrate how to analyze risk by looking at frequency of occurrence and financial impact. Sources of breach cost data like Ponemon Institute and NetDiligence studies are also summarized.
Industrial Control Security USA Sacramento California Oct 6/7
James Nesbitt
Industrial Control Cyber Security conference Sacramento California October 6th and 7th, Key Note speakers include DOE, NERC, NIST, SMUD, PG&E, SCE, NCi Security, Codenomicon (Heartbleed presentation).
Pre Conference workshop October 5th
“Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats”
Workshop Leader: Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor
Cyber Security 101: What Your Agency Needs to Know
Sandra Fathi
This document provides an overview and agenda for a presentation on cyber security for agencies. The presentation will cover:
1) An introduction to cyber security threats in an agency environment and what agencies need to know.
2) The legal ramifications of a cyber attack and an agency's responsibilities and liabilities.
3) Developing a crisis communications plan to respond when a cyber attack occurs and the steps agencies should take.
The document then outlines one section of the presentation on defending enterprise integrity and making information security part of an organization's culture. It stresses the importance of focusing on human factors rather than just cyber defenses.
This document discusses cyber insurance and its importance for businesses. It outlines several key types of coverage provided by cyber insurance policies, including privacy breach response costs, digital asset restoration costs, business income loss, cyber extortion, and security and privacy liability. It provides examples of how each type of coverage would apply in different cyber incident scenarios a business might face. It emphasizes that the costs of a cyber attack can far outweigh the costs of investing in cybersecurity solutions and cyber insurance.
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Shawn Tuma
This document provides information about Shawn Tuma, a cybersecurity partner at Scheef & Stone, L.L.P. It includes his contact information, areas of expertise, industry affiliations, and qualifications. The document highlights that Tuma serves on several boards and committees related to cybersecurity, data privacy, and technology law. It also lists some of the awards and recognitions he has received for his work in these fields.
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...
Netpluz Asia Pte Ltd
One of the biggest challenges facing IT professionals right now in any organisation is the complexity that resulted from the use of disconnected, problem-specific tools from multiple vendors, almost none of which work together.
Simplify and secure your network availability with eSentinel, a 'Plug & Play' Cloud-based security platform.
Website: https://www.netpluz.asia
This document provides recommendations for improving cyber security practices in financial institutions. It discusses the need to properly address cyber threats, develop effective security policies, and continuously monitor and improve weak areas of systems. Specific threats like insider misuse, errors, denial of service attacks, and crimeware are examined, and recommendations are given for mitigating each threat. Additional techniques suggested include implementing redundant systems, secure communications, browser addons, software updates, bounty programs, backups, authentication, encryption, and secure development practices. Real-world examples like the Carbanak attack demonstrate the ongoing risks, emphasizing the importance of proactive cyber security measures.
Cybersecurity: The Danger, the Cost, the Retaliation
PECB
The discussion will cover the need, urgency and industry direction in deploying solid cyber defense technologies. There will be real world examples of the costs, the danger and the recovery of both cybersecurity offense and defense. There will be a focus on increased cyber-attack vulnerabilities such as IoT and Cloud Computing, particularly with respect to attacks on physical world critical infrastructure. The discussion will cover methods for the rapid development and deployment of cyber defense technologies needed today, with preparation for a Post Quantum Computing Era.
Main points covered:
• Costs and danger of cyber-attacks now compared to major natural disasters
• Nation State threats on critical infrastructure reaching acts of war
• Cyber offense short term and Cyber Defense long term
Presenter:
Larry Karisny is well known in both the public and private sector as a technology innovator, advisor and renowned expert in cyber defense technology. He is a frequent contributor to Government Technology Magazine, has also written for Infosec Island, PenTest and eForensics, and is often quoted in other global publications. He is a sought-after speaker at industry summits and conferences as a session lead and moderator covering the subject of cybersecurity. He acts as a Director of the cybersecurity think tank, ProjectSafety.org.
As Director of ProjectSafety.org, Mr. Karisny independently sought out unique Proof of Concept (POC), Intrusion Prevention System (IPS), Intrusion Detection System (IDS), security technological approaches to current cybersecurity solutions. He targeted these advanced cyber security technologies with a focus on securing critical infrastructure systems and ecosystems.
His current focus is on demonstrating cybersecurity technologies that offer the capability to defend, detect and remediate malware compromises, system defects and administrative errors. His knowledge base spans from current cybersecurity technologies to Post Quantum cyber defense. His best skill set is understanding even the most complicated information in science and making it understandable to all levels of audience. He is currently involved in commercializing multiple levels of cyber defense technologies from POC to global deployment.
Recorded webinar: https://youtu.be/yyVsSj946S4
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...
Shawn Tuma
Cybersecurity and data privacy attorney Shawn Tuma presented on Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm, and Your Law License at State Bar of Texas Annual Meeting 2017 for the Computer & Technology Section of the State Bar of Texas' Adaptable Lawyer Track. The presentation was on June 22, 2017 in Dallas, Texas.
This document discusses various IT security, compliance, legal risk, and disaster preparedness topics. It begins by outlining the basics of an IT security lifecycle including inventorying assets, identifying risks, remediating risks, and monitoring alerts. It then discusses threats like cybercrime, phishing, and issues related to e-discovery, PCI compliance, and HIPAA compliance. The document provides recommendations for legal risk mitigation, disaster preparation, cyber incident handling, and options for addressing IT security needs either through do-it-yourself methods, outside help, or hiring a support organization.
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
This session will provide details on the new law and its requirements, as well as address the current threat landscape, summarize existing data security laws in the U.S., discuss the new EU cyber directive, and continued impact of the Safe Harbor decision. We will disentangle these regulatory changes and challenges and provide tips and tricks for compliance.
Chair: Ewan Quibell, management systems and service leader, Jisc.
16:55-17:35 - Ransomware briefing
Speaker: Adrian Louth, Fortinet.
Ransomware became headline news in 2016 and looks to remain as the top security concern for all organisations in all sectors. Starting with a review of 2016 we’ll discuss the motives and behaviour of the cyber criminals behind this growing threat and try and get into their mindset.
We’ll look at what strategies can limit the impact of this threat including whether to pay is ever right. We will introduce a real life example and how Fortinet’s Security Fabric has effectively stopped the threat and we will look at what’s next in ransomware.
The goal of this session is to be interesting and informative and to build insight for the audience to prioritise and take effective actions to minimise the risk and exposure this threat causes.
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Shawn Tuma
Presentation to the Association of Continuity Professionals, North Texas Chapter, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns.
A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes.
Part 2: Firewall Logs
Part 2 of the series shifted our attention to the periphery of a network to focus on how firewalls serve as a first line of defense against security threats. In addition to discussing the patterns of attack which have been demonstrated countless times by hackers, we showed how firewall log data can give notice of attempts at infiltrating a network, exfiltrating data, and more. Beyond that, we discussed how Network Change and Configuration Management solutions can too contribute to deeper IT security by helping to alert to config. changes on firewalls - and other network devices - in addition to a host of other capabilities which can help with this cause.
Other Security Kung Fu Events:
Part 1: SIEM Solutions | http://bit.ly/2qkwVWh
Part 3: Active Directory Changes | http://bit.ly/2s5kFFc
Part 4: Security vs. Compliance | http://bit.ly/2qXuc3I
If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn.
Acknowledgements
I’d like to thank the following individuals for assisting me in the execution of this campaign:
Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia
The Science and Art of Cyber Incident Response (with Case Studies)Kroll
In this joint presentation for the ISSA-LA Summit X in Los Angeles, Jennifer Rathburn, a cybersecurity and data privacy law expert at Foley & Lardner LLP and William Dixon, Associate Managing Director in Kroll's Cyber Risk practice, highlight three incident response scenarios and tips on breach preparation and response.
To learn more, contact Jennifer or William at:
Jennifer Rathburn, Foley & Lardner LLP
jrathburn@foley.com; 414-297-5864
William Dixon, Kroll, a Division of Duff & Phelps
william.dixon@kroll.com; 213-247-3973
This document provides an introduction to risk analysis for information security. It discusses key concepts like risk, scales of measurement, possibility vs probability, precision vs accuracy, and using data fit for purpose. It then uses a data breach as a use case to demonstrate how to analyze risk by looking at frequency of occurrence and financial impact. Sources of breach cost data like Ponemon Institute and NetDiligence studies are also summarized.
Industrial Control Security USA Sacramento California Oct 6/7James Nesbitt
Industrial Control Cyber Security conference Sacramento California October 6th and 7th, Key Note speakers include DOE, NERC, NIST, SMUD, PG&E, SCE, NCi Security, Codenomicon (Heartbleed presentation).
Pre Conference workshop October 5th
“Effective methodology to protecting the oil and gas critical infrastructures from the emerging cyber threats”
Workshop Leader: Ayman AL-Issa, Digital Oil Fields Cyber Security Advisor
Cyber Security 101: What Your Agency Needs to KnowSandra Fathi
This document provides an overview and agenda for a presentation on cyber security for agencies. The presentation will cover:
1) An introduction to cyber security threats in an agency environment and what agencies need to know.
2) The legal ramifications of a cyber attack and an agency's responsibilities and liabilities.
3) Developing a crisis communications plan to respond when a cyber attack occurs and the steps agencies should take.
The document then outlines one section of the presentation on defending enterprise integrity and making information security part of an organization's culture. It stresses the importance of focusing on human factors rather than just cyber defenses.
This document discusses cyber insurance and its importance for businesses. It outlines several key types of coverage provided by cyber insurance policies, including privacy breach response costs, digital asset restoration costs, business income loss, cyber extortion, and security and privacy liability. It provides examples of how each type of coverage would apply in different cyber incident scenarios a business might face. It emphasizes that the costs of a cyber attack can far outweigh the costs of investing in cybersecurity solutions and cyber insurance.
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
This document provides information about Shawn Tuma, a cybersecurity partner at Scheef & Stone, L.L.P. It includes his contact information, areas of expertise, industry affiliations, and qualifications. The document highlights that Tuma serves on several boards and committees related to cybersecurity, data privacy, and technology law. It also lists some of the awards and recognitions he has received for his work in these fields.
Netpluz | Protecting your Business with eSentinel | 360° Cyber Security Simpl...Netpluz Asia Pte Ltd
One of the biggest challenges facing IT professionals right now in any organisation is the complexity that resulted from the use of disconnected, problem-specific tools from multiple vendors, almost none of which work together.
Simplify and secure your network availability with eSentinel, a 'Plug & Play' Cloud-based security platform.
Website: https://www.netpluz.asia
This document provides recommendations for improving cyber security practices in financial institutions. It discusses the need to properly address cyber threats, develop effective security policies, and continuously monitor and improve weak areas of systems. Specific threats like insider misuse, errors, denial of service attacks, and crimeware are examined, and recommendations are given for mitigating each threat. Additional techniques suggested include implementing redundant systems, secure communications, browser addons, software updates, bounty programs, backups, authentication, encryption, and secure development practices. Real-world examples like the Carbanak attack demonstrate the ongoing risks, emphasizing the importance of proactive cyber security measures.
Cybersecurity: The Danger, the Cost, the RetaliationPECB
The discussion will cover the need, urgency and industry direction in deploying solid cyber defense technologies. There will be real world examples of the costs, the danger and the recovery of both cybersecurity offense and defense. There will be a focus on Increase cyber-attack vulnerabilities such as IoT and Cloud Computing, particular to attacks on physical world critical infrastructure. The subject topic will discuss methods of needed rapid development and deployment of cyber defense technologies today with preparation for a Post Quantum Computing Era.
Main points covered:
• Costs and danger of cyber-attacks now compared to major natural disasters
• Nation State threats on critical infrastructure reaching acts of war
• Cyber offense short term and Cyber Defense long term
Presenter:
Larry Karisny is well known in both the public and private sector as a technology innovator, advisor and renowned expert in cyber defense technology. He is a frequent contributor to Government Technology Magazine and has also written for Infosec Island, PenTest, eForencics and is often quoted in other global publications. He is a sought-after speaker at industry summits and conferences as a session lead and moderator covering the subject of cybersecurity. He acts a Director of the cybersecurity think tank, ProjectSafety.org
As Director of ProjectSafety.org, Mr. Karisny independently sought out unique Proof of Concept (POC), Intrusion Prevention System (IPS), Intrusion Detection System (IDS), security technological approaches to current cybersecurity solutions. He targeted these advanced cyber security technologies with a focus on securing critical infrastructure systems and ecosystems.
His current focus is on demonstrating cybersecurity technologies that offer the capability to defend, detect and remediate malware compromises, system defects and administrative errors. His knowledge base spans from current cybersecurity technologies to Post Quantum cyber defense. His best skill set is understanding even the most complicated information in science and making it understandable to all levels of audience. He is currently involved in commercializing multiple levels of cyber defense technologies from POC to global deployment.
Recorded webinar: https://youtu.be/yyVsSj946S4
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,...Shawn Tuma
Cybersecurity and data privacy attorney Shawn Tuma presented on Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm, and Your Law License at State Bar of Texas Annual Meeting 2017 for the Computer & Technology Section of the State Bar of Texas' Adaptable Lawyer Track. The presentation was on June 22, 2017 in Dallas, Texas.
This document discusses various IT security, compliance, legal risk, and disaster preparedness topics. It begins by outlining the basics of an IT security lifecycle including inventorying assets, identifying risks, remediating risks, and monitoring alerts. It then discusses threats like cybercrime, phishing, and issues related to e-discovery, PCI compliance, and HIPAA compliance. The document provides recommendations for legal risk mitigation, disaster preparation, cyber incident handling, and options for addressing IT security needs either through do-it-yourself methods, outside help, or hiring a support organization.
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
This document summarizes a presentation on privacy and technology issues for law firms. It discusses why data breaches are a risk for law firms, as they hold valuable corporate and client data. Several types of attacks that could lead to breaches are described, such as insider threats, vendor threats, phishing, and ransomware. Compliance with breach notification laws, privacy laws, and professional responsibility rules is also discussed. The costs of breaches and implications for a law firm's practice are reviewed. Initial takeaways from a recent major data breach are provided. Questions from attendees are answered relating to privacy, cybersecurity, legal technology, cloud computing contracts, and maintaining competence regarding technology.
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
No matter what kind of law practice you have, you need to comply with privacy laws generally and lawyers' ethical duties with respect to privacy, specifically. In this presentation, legal ethics counsel Sarah Banola (Cooper, White and Cooper, LLP) and employment and privacy attorney Diana Maier (Law Offices of Diana Maier) deliver a primer on privacy law and teach you the key areas of privacy law and associated ethical obligations.
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
This document summarizes a presentation on cybersecurity risks for law firms and how to protect sensitive client data. The presentation covers:
1. Tips for preventing cyberattacks including having security plans, policies for employees and vendors, and implementing best practices.
2. The response required after a data breach, including activating an incident response plan, securing systems, notifying authorities and counsel, and conducting forensics.
3. Different legal obligations for law firms compared to corporations after a breach in terms of state breach notification laws and preserving attorney-client privilege.
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
This document discusses best practices for corporate data security and legal compliance. It begins with an overview of common data breaches in 2014 and the industries most affected. It then outlines best practice protocols from organizations like NIST, recommendations for rapid detection of breaches, and top priority steps to take before an attack like identifying critical data and having backup plans. The document also discusses major data security and privacy laws, creating an incident response team, and proper steps to take when responding to a breach, including notification requirements. The goal is to help companies properly secure data and respond effectively in the event of a security incident.
How to Build and Implement your Company's Information Security ProgramFinancial Poise
Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure?
An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place.
This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/how-to-build-and-implement-your-companys-information-security-program-2021/
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...Financial Poise
Part of the webinar series:
CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
Presentation delivered at the Cybersecurity for the Board & C-Suite "What You Need to Know" Cyber Security Summit Sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies' Institute for Homeland Security, Cybercrime and International Criminal Justice. Shawn Tuma, Cybersecurity & Data Privacy lawyer at Scheef & Stone, LLP in Frisco and Dallas, Texas.
The presentation date was September 13, 2016.
As a cybersecurity and privacy attorney, Shawn Tuma spends much of his time assisting clients proactively prepare for the legal aspects of cybersecurity incidents and respond to incidents when they occur. His work with management, legal, as well as the technology departments, and focus on the legal aspects of cybersecurity, gives him unique insight into how the non-technical areas of companies understand and evaluate cybersecurity.
In his presentation, Tuma will explain how, in his experience, the traditional fear, uncertainty, and doubt – the fear -- that has been used to “sell” cybersecurity has now gone too far and has created a feeling of hopelessness in many companies that has led many to simply quit trying. Instead of always focusing on the fear, he will explain how cybersecurity professionals should help empower companies to do what they can, even if they can’t do everything, so that they can at least improve their cybersecurity posture even if they can’t become “secure.”
Tuma will explain how recent legal and regulatory compliance developments encourage companies to take this approach by doing what is reasonable and provide specific action items that virtually all companies can implement to better themselves in this regard – especially if they find themselves in an incident response situation.
After completing this session, you will:
• Understand why cybersecurity is as much a legal issue as it is a business or technology issue.
• Understand how most legal and regulatory compliance actions support a “take reasonable measures” approach instead of a “strict liability” approach to companies’ pre-breach activities.
• Understand the need to, and how to, focus on the basics of risk and preparation for mitigating such risk.
• Understand the 2 primary legal and regulatory compliance areas that pose the most risk to companies and key action items that can help mitigate that risk.
• Know the 3 pre-breach must-haves for every company to have in place.
• Understand the importance that cybersecurity and privacy focused contractual agreements have for companies and how such agreements can be negotiated.
• Understand why selling the FUD impedes all of these objectives and harms companies’ cybersecurity posture more than it helps.
Join Kaseya and guest cybersecurity expert from Kaspersky, Cynthia James, to hear how companies like Target, eBay, and Home Depot are losing data, and how you can protect your company from suffering the same fate.
• The latest cybersecurity threats and vectors putting organizations at risk
• How your organization can avoid falling victim to a data breach
• Additional strategies to secure your organization and its data
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Winston & Strawn LLP
Winston's Global Privacy & Data Security Task Force presented an interactive webinar focused on some of the practical ways to prevent theft of key information, investigation tips, and strategies to defend against the use of that information after a theft.
ISSA North Texas - SecureWorld Expo Dallas - Cybersecurity Legal Issues: What...Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to ISSA North Texas on October 8, 2016.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all companies will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then turns, because of this crisis environment, to the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
This document contains a copyright notice for an educational presentation on information systems prepared by Arianto Muditomo for Perbanas Institute. It states that the presentation materials are for non-commercial educational use only and cannot be altered or used for commercial purposes without written permission. The document lists references used in the presentation and provides an outline of the presentation topics, which include information systems in business, IT strategic planning, business intelligence and decision support, ethics and security, e-business and e-commerce, and knowledge management.
Cybercrime and the Hidden Perils of Patient DataStephen Cobb
This document discusses the risks of cybercrime for healthcare organizations and patient data. It begins by outlining how cybercrime has increased risks to patient data and the liabilities organizations face for data breaches or non-compliance. It then provides examples of real data breaches and the large fines organizations have faced. The document recommends that organizations perform risk assessments, have outside security reviews, implement key security controls like strong authentication and encryption, and educate employees on security policies and controls. Regular re-assessments are also advised to address evolving threats.
This document discusses information privacy and its technical, organizational, and social implications. It begins by defining information privacy and the relationship between data collection, technology, public expectations of privacy, and legal issues. It then covers topics like personally identifiable information, the types of data collected online, and technical tools and devices related to privacy. The document also addresses the costs of information privacy for governments, companies, and consumers. It discusses perspectives on privacy from different generations and countries. Finally, it covers organizational privacy policies and standards, as well as some high-profile data breach cases and the importance of information security.
This document discusses cybersecurity and provides guidance on developing a cybersecurity plan. It recommends taking four key steps: 1) understanding common cybersecurity issues, 2) evaluating organizational risks, 3) protecting the organization through measures like data encryption and training, and 4) developing an incident response plan to react to data breaches. The document then covers various components of a cybersecurity plan, including conducting a data inventory, assessing risks, and implementing technical, policy, and training controls.
Similar to Lawyers' Ethical Obligations for Cybersecurity (20)
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Columbia University for the Executive Masters of Technology Management Program on November 21, 2020.
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.
The document provides a checklist of good cyber hygiene practices for companies. It recommends starting with a risk assessment and developing written cybersecurity policies covering data protection, monitoring, privacy, access limits, passwords, and BYOD. It also stresses training employees on policies, conducting phishing tests, using multi-factor authentication, antivirus software, access controls, updating software and backups. The checklist additionally includes recommendations for encrypting sensitive data, adequate logging, an incident response plan, third-party risk management, firewalls and cyber risk insurance.
This checklist outlines the steps a company should take in response to a cyber incident. It includes determining if the incident warrants escalation, documenting decisions, mitigating any ongoing compromise, engaging legal counsel, activating an incident response plan, notifying relevant parties such as insurers and business partners, investigating the scope of data compromised, assessing legal obligations, determining if law enforcement or public notification is required, and implementing measures to prevent future breaches. The checklist emphasizes having an incident response plan in place before a breach occurs to facilitate a coordinated response.
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
Cybersecurity requires a strategic, team-based approach. Effective cybersecurity teams require an understanding of roles, personalities, and psychology. Strategic leadership is needed to develop both proactive security and reactive incident response teams. Tabletop exercises are important for assessing teams and allowing members to practice their roles. While cybersecurity lawyers cannot provide a "magic wand" of privilege, they can help by actively leading risk management programs and investigations to maximize potential privilege protections.
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
Reginald A. Hirsch and Shawn E. Tuma presented this talk at the Annual Meeting of the State Bar of Texas for the Law Practice Management Section of the State Bar of Texas. The date of the talk was June 22, 2018, and the location was Houston, Texas.
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
Cybersecurity & Data Privacy attorney Shawn Tuma delivered this presentation to the Mid-Year Meeting of the State Bar of Oklahoma's Intellectual Property Law Section on June 2, 2018. For more information visit www.shawnetuma.com
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
The document summarizes New York's Department of Financial Services cybersecurity regulations. It provides an overview of key dates for covered entities to comply with various aspects of the regulations, describes which businesses are considered covered entities and subject to the rules. It also summarizes several of the main components required by covered entities, including maintaining a cybersecurity program, designating a chief information security officer, conducting risk assessments, implementing controls like multi-factor authentication, and reporting cybersecurity events.
Effective cybersecurity for small and midsize businessesShawn Tuma
This presentation was delivered at the Center for American & International Law's Second Annual Cybersecurity & Data Privacy Law Conference on April 13, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at Misti's InfoSec World during the Privacy & Risk Summit on March 22, 2018, in Orlando, Florida.
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presented this session to The American Institute of Architects' Large Firm Round Table on March 15, 2018. For more of Shawn Tuma's presentations please visit: https://shawnetuma.com/presentations/
"What Could Go Wrong?" - We're Glad You Asked!Shawn Tuma
Dallas cybersecurity and data privacy attorney Shawn Tuma delivered this presentation on social media law to Social Media Breakfast on February 22, 2018.
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
This presentation was delivered as a webinar to the State Bar of Texas Women and the Law Section on February 15, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cybersecurity: How to Protect Your Firm from a Cyber AttackShawn Tuma
Cybersecurity attorney Shawn Tuma discusses the importance of cybersecurity for law firms. He notes that cybersecurity and privacy issues impact all law firms as clients demand adequate security and firms store sensitive data for multiple clients. While most breaches are from simple issues like weak passwords, law firms remain an attractive target. Tuma outlines 15 common cybersecurity best practices that firms should implement, such as risk assessments, security policies, workforce training, access controls, backups, and incident response plans. He emphasizes adopting a comprehensive cyber risk management program to protect firms from threats.
The document discusses best practices for managing cybersecurity and data privacy risks from third party vendors. It recommends (1) conducting due diligence on third parties' security practices before engaging them, (2) using contracts to obligate third parties to comply with security standards and notify clients of incidents, and (3) periodically assessing third parties' security based on risk. Following these practices can help companies minimize risks from third parties as required by laws and frameworks.
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory RealmShawn Tuma
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Cybersecurity Fundamentals for Legal ProfessionalsShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at the 55th Annual Conference on Intellectual Property Law at The Center for American and International Law on November 13, 2017.
The Essentials of Cyber Insurance: A Panel of Industry ExpertsShawn Tuma
Patrick Florer (Risk Centric Security, Inc.), Mark Knepshield (McGriff, Seibels & Williams), and John Southrey (Texas Medical Liability Trust) are cyber insurance industry experts who have been working in the industry for longer than most of the newly-minted experts have even known about cyber insurance. In this panel presentation at the North Texas ISSA Conference, cybersecurity and data privacy attorney Shawn Tuma moderated their discussion and it was outstanding even though they did not make it through half of the slides due to the depth of their discussion. The presentation date was November 10, 2017.
Lifting the Corporate Veil. Power Point Presentationseri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
Corporate Governance : Scope and Legal Frameworkdevaki57
CORPORATE GOVERNANCE
MEANING
Corporate Governance refers to the way in which companies are governed and to what purpose. It identifies who has power and accountability, and who makes decisions. It is, in essence, a toolkit that enables management and the board to deal more effectively with the challenges of running a company.
What are the common challenges faced by women lawyers working in the legal pr...lawyersonia
The legal profession, which has historically been male-dominated, has experienced a significant increase in the number of women entering the field over the past few decades. Despite this progress, women lawyers continue to encounter various challenges as they strive for top positions.
Genocide in International Criminal Law.pptxMasoudZamani13
Excited to share insights from my recent presentation on genocide! 💡 In light of ongoing debates, it's crucial to delve into the nuances of this grave crime.
Receivership and liquidation Accounts
Being a Paper Presented at Business Recovery and Insolvency Practitioners Association of Nigeria (BRIPAN) on Friday, August 18, 2023.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU against which they can evaluate those classes of AI applications that are probably the most relevant for them.
The Supreme Court had also held that it is the duty of the Magistrate to ensure that the officers duly follow the procedure prescribed under the PMLA as well as the constitutional safeguards.
3. Spencer Fane LLP | spencerfane.com
The Problem for Lawyers
• Prefer to ignore but obligated to address
• Impact all lawyers and law firms alike
• Clients demanding adequate security
• Law firms are an increasingly popular target
– Value and sensitivity of data
– Data for multiple clients
6. Spencer Fane LLP | spencerfane.com
The Ethics for Lawyers
“A lawyer should preserve the confidences and secrets of a client.”
• Ethics Opinion 384 (Sept. 1975)
• Canon No. 4, Code of Professional Responsibility
• Disciplinary Rule (DR) 4-101 (A) and (B)
• New duty of “technical competence” for lawyers
7. Spencer Fane LLP | spencerfane.com
Can you hear me now?
• ABA Ethics Opinion 483
• Lawyers’ Obligations After an Electronic Data Breach or Cyberattack
• October 17, 2018
8. Spencer Fane LLP | spencerfane.com
Ethics Opinion 483
• Lawyers’ Obligations After an Electronic Data Breach or Cyberattack
– Proactive obligations
– “data breach” ≠ “data breach”
• “data breach” – “a data event where material client confidential information is misappropriated, destroyed or otherwise compromised, or where a lawyer’s ability to perform the legal services for which the lawyer is hired is significantly impaired by the episode.”
• Ransomware?
• Service provider network outage, even if no access or exfiltration?
9. Spencer Fane LLP | spencerfane.com
Ethics Opinion 483
• Focus is on the overall process of protecting information, not the result.
• Requires lawyers to:
1. Be competent by keeping abreast of the benefits and risks associated with relevant technology;
2. Have reasonable cybersecurity safeguards in place;
3. Follow appropriate data destruction procedures;
4. Actively monitor for breaches of client information;
5. Address third-party risk;
6. Investigate, respond to, and mitigate incidents;
7. Develop and implement an incident response plan; and
8. Notify clients in an appropriate manner when there has been a “data breach.”
10. Spencer Fane LLP | spencerfane.com
Cybersecurity Best Practices
• Risk assessment
• Policies and procedures focused on cybersecurity
– Culture
– Social engineering, password, security questions
• Train workforce on P&P, security
• Phish all workforce
• Multi-factor authentication
• Internal controls / access controls to restrict unnecessary data risk
• Data retention policy
• Signature based antivirus and malware detection
• No outdated or unsupported software
• Patch management process
• Backups segmented offline, cloud, redundant
• Incident response plan
• Encrypt sensitive and air-gap hypersensitive data
• Adequate logging and retention
• Third-party security risk management program
• Firewall, intrusion detection and prevention systems
• Managed services provider (MSP) or managed security services provider (MSSP)
• Cyber risk insurance
12. Spencer Fane LLP | spencerfane.com
Shawn Tuma
Co-Chair, Cybersecurity & Data Privacy
Spencer Fane LLP
972.324.0317
stuma@spencerfane.com
• Board, Southern Methodist University Cyber Advisory
• Board of Advisors, North Texas Cyber Forensics Lab
• Policy Council, National Technology Security Coalition
• Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law
• Board of Directors & General Counsel, Cyber Future Foundation
• Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016)
• SuperLawyers Top 100 Lawyers in Dallas (2016)
• SuperLawyers 2015-19
• Best Lawyers in Dallas 2014-19, D Magazine (Cybersecurity Law)
• Council, Computer & Technology Section, State Bar of Texas
• Privacy and Data Security Committee of the State Bar of Texas
• College of the State Bar of Texas
• Board of Directors, Collin County Bench Bar Conference
• Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association
• Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
• North Texas Crime Commission, Cybercrime Committee & Infragard (FBI)
• International Association of Privacy Professionals