Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
Presentation to the Texas Bar CLE program on Contract Drafting, Review and Negotiation on December 5, 2017 in Austin, Texas, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ... | Shawn Tuma
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
New York Department of Financial Services Cybersecurity Regulations | Shawn Tuma
Getting in Shape – NYDFS Cyber Security Regulations Webinar
Presenters: Shawn Tuma, Cybersecurity & Data Protection Attorney, Scheef & Stone LLP | Bill Belcher, VP Americas, Boldon James
In an initiative to protect New York’s financial services industry, a new State regulation has been introduced to protect consumers and financial institutions from cyber-attacks. Effective March 1, 2017, this risk-driven regulation requires all financial services institutions regulated by the Department of Financial Services (DFS) to establish and maintain a cyber security program that will protect both customers’ private data and the technology that supports this. The impact stretches down through the supply chain, as any organization that conducts business with the NYC financial services sector has to adopt the same level of data protection.
Watch this webcast to learn:
The key requirements of the NYC Cyber security regulation
How compliance is about process first, then people and technology
What organizations need to be doing to ensure they comply
How data classification can help ensure compliance
NYDFS Cybersecurity Regulations (23 NYCRR 500)
New York is one of the biggest financial hubs in the world; as you can imagine where there is sensitive financial information, there are people who want to get their hands on it. It is for this reason major financial firms operating in New York will face stiff cyber security obligations under the new New York Department of Financial Services Cybersecurity Regulations (23 NYCRR 500). This regulation will apply to firms holding a banking, insurance or financial services licence to operate in New York. 23 NYCRR 500 has been effective as of March 1st 2017, although firms have 180 days from this introduction date to change internal systems in order to meet new compliance and regulation standards. This fact sheet outlines:
23 NYCRR 500 overview
Key dates for covered entities
Key tasks for compliance
How Boldon James can help
Please complete the adjoining form to request it.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: How do we Protect our Systems and Meet Compliance in a Rapidly Changing Environment
Presenter: Sean McCloskey, Program Manager, Cyber Security Evaluations Program, DHS
Description: With all the constant innovation in cyber, what is “cutting edge”? What constraints hinder innovation? How is technology being used to address the Executive Orders, comply with standards, and meet other mandates? What areas still need resources, ideas and innovation? Join us to hear advances in cyber security technology and ways to protect and monitor systems that will provide for resilient infrastructures and incorporate new solutions.
Cybersecurity: Cyber Risk Management for Lawyers and Clients | Shawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success | Sirius
The EU Global Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) represent a landmark change in the global data protection space. While they originate in different countries and apply to different organizations, their primary message is the same:
Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers.
With deadlines looming, is your organization ready?
The time to act is now. Read more to learn:
--Key mandates and minimum requirements for compliance
--Why a comprehensive data-centric security strategy is invaluable to all data protection and data privacy efforts
--How you can gauge your organization’s incident response capabilities
--How to extend your focus beyond the organization’s figurative four walls to ensure requirements are met throughout your supply chain
The first New York requirements deadline has arrived. With the next deadline of mandates only 6 months away, you don't want to fall behind and leave your organization at risk for potential penalties and fines.
Dino Tsibouris & Mehmet Munur - Legal Perspective on Data Security for 2016 | centralohioissa
Key legal data security concerns for 2016; Privacy and security preparation; Vendor management; When and how to engage outside counsel & advisors; EU Privacy update; Sample enforcement actions.
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G... | Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the meeting of Women's In-House Network - DFW on April 27, 2017.
This presentation included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies and the EU's General Data Protection Regulation (GDPR).
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that every company will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, it addresses the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
GCC Operational Technology Security Forum & Exhibition, 21-23 March 2017, Doha | Syed Peer
“Securing the Critical Infrastructure Networks Effectively” - Is OT the Weakest Link in Securing the Critical Infrastructure?
Cyber attacks have consistently ranked among the top threats faced by businesses. Cyber Security is a subject that has now reached boardroom agendas. There have been proposals to link Cyber Security to CEO performance and pay. The point only underlines the critical nature and importance of Cyber Security to businesses.
In an OT environment, the threat is amplified much more because it can have ramifications that impact human lives and their safety.
As cyber criminals and nation-states continue to improve the sophistication of attacks that bypass traditional preventive defenses, organizations must evolve their security defenses to reduce dwell time. Join Fidelis Advisor, and ex CIA CTO, Bob Flores and Fidelis Senior Manager, Tom Clare as they delve into the results of The 2018 State of Threat Detection Report and discuss what the research means for organizations large and small across the globe.
Speaker at the IDC IT Security Roadshow 2017 in Doha. It was a one-day event bringing together some Security Vendors and End User folks to present and discuss security-related topics. The event midway was split into two tracks: A - Threat Intelligence and B - Securing the Endpoint to the Cloud. My End User Presentation (Track A) covered Threat Intelligence. There were some interesting speakers and audience Q & A discussions followed by a networking lunch to boot. The venue at the Shangri La Hotel in Doha provided a great space and good networking opportunity.
Dr. Daniel M. Gerstein has served as the Deputy Under Secretary for Science & Technology in the Department of Homeland Security since August 2011. He is also an Adjunct Professor at American University in Washington, DC at the School of International Service (SIS) where he teaches graduate level courses on biological warfare and the evolution of military thought.
Dr. Gerstein has extensive experience in the security and defense sectors in a variety of positions while serving as a Senior Executive Service (SES) government civilian, in uniform, and in industry. Before joining DHS, he served as the Principal Director for Countering Weapons of Mass Destruction (WMD) within the Office of the Secretary of Defense (Policy). He has served on four different continents participating in homeland security and counterterrorism, peacekeeping, humanitarian assistance, and combat in addition to serving for over a decade in the Pentagon in various high level staff assignments. Following retirement from active duty, Dr. Gerstein joined L-3 Communications as Vice President for Homeland Security Services, leading an organization providing WMD preparedness and response, critical infrastructure security, emergency response capacity, and exercise support to U.S. and international customers.
Dr. Gerstein also has extensive experience in international negotiations having served on the Holbrooke Delegation that negotiated the peace settlement in Bosnia, developed and analyzed negotiating positions for the Conventional Armed Forces in Europe (CFE) talks, and developed an initiative to improve cross border communications between Colombia and neighboring Andean Ridge nations. Additionally, Dr. Gerstein led an initiative to develop a comprehensive biosurveillance system for the Department of Defense (2010-2011), served on the leadership team for the Project for National Security Reform (PNSR) which was charged with developing a new national security act to reflect the changing security environment (2007-2008), co-led the Secretary of the Army’s Transition Team (2004-2005), and led the Army’s most comprehensive restructuring since World War II (2000-2001).
He has been awarded numerous military and civilian awards including an award from the Government of Colombia, the Department of State’s Distinguished Service Award, and the U.S. Army Soldiers Medal for heroism.
He has published numerous books and articles on national security, biological warfare, and information technology including Bioterror in the 21st Century (Naval Institute Press, October 2009), ICMA Report: Planning for a Pandemic (ICMA Press, Volume 39/Number 3 2007), Securing America’s Future: National Strategy in the Information Age (Praeger Security International, September 2005); Leading at the Speed of Light (Potomac Books, November 2006); Assignment Pentagon (Potomac Books, May 2007). He has also served as a fellow at the Council on Foreign Relations and is a current member.
Why Your Organization Must Have a Cyber Risk Management Program and How to De... | Shawn Tuma
Presentation to the Association of Continuity Professionals, North Texas Chapter, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana... | Shawn Tuma
This presentation was delivered as a webinar to the State Bar of Texas Women and the Law Section on February 15, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
The Legal Case for Cyber Risk Management Programs and What They Should Include | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presented this session to The American Institute of Architects' Large Firm Round Table on March 15, 2018. For more of Shawn Tuma's presentations please visit: https://shawnetuma.com/presentations/
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at Misti's InfoSec World during the Privacy & Risk Summit on March 22, 2018, in Orlando, Florida.
Effective cybersecurity for small and midsize businesses | Shawn Tuma
This presentation was delivered at the Center for American & International Law's Second Annual Cybersecurity & Data Privacy Law Conference on April 13, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cybersecurity Fundamentals for Legal Professionals (and every other business) | Shawn Tuma
Cybersecurity & Data Privacy attorney Shawn Tuma delivered this presentation to the Mid-Year Meeting of the State Bar of Oklahoma's Intellectual Property Law Section on June 2, 2018. For more information visit www.shawnetuma.com
Cybersecurity: How to Protect Your Firm from a Cyber Attack | Shawn Tuma
Cybersecurity: How to Protect Your Firm from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
We work with your IT department and internal IT security staff in order to analyze your system from a top-level perspective, looking for patterns to determine what’s driving the vulnerabilities we’ve identified.
Securing Your Digital Files from Legal Threats | Abbie Hosta
Get ready to learn some immensely powerful tips and management approaches designed to safeguard your firm's digital files from today’s growing cyber threats. Dive into Worldox technology and how it helps clients ensure compliance with ABA rules and protect their documents. We’ll offer practical guidance and strategies for Worldox users, law firm administrators, and IT managers looking to secure their documents and protect their sensitive client, business and employee information.
Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm,... | Shawn Tuma
Cybersecurity and data privacy attorney Shawn Tuma presented on Real World Cybersecurity Tips You Can Use to Protect Your Clients, Your Firm, and Your Law License at State Bar of Texas Annual Meeting 2017 for the Computer & Technology Section of the State Bar of Texas' Adaptable Lawyer Track. The presentation was on June 22, 2017 in Dallas, Texas.
Cybersecurity Fundamentals for Legal Professionals | Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at the 55th Annual Conference on Intellectual Property Law at The Center for American and International Law on November 13, 2017.
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions | Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Southern Methodist University Digital Branding Class on October 27, 2020.
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack | Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Columbia University for the Executive Masters of Technology Management Program on November 21, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to... | Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Northwestern State University's Fall Continuing Legal Education Conference on November 18, 2020.
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec... | Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.
The Role of Contracts in Privacy, Cybersecurity, and Data Breach | Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Texas Bar CLE's Making and Breaking Iron-Clad Contracts course in Austin, Texas on March 6, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to... | Shawn Tuma
Shawn Tuma delivered this presentation on April 9, 2019, at the Oklahoma State University 4th Annual Cyber Security Conference in Oklahoma City, Oklahoma.
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of cybersecurity and data breach cases that have helped him understand the real-world risks companies face and the practical things they can do to prioritize their resources and effectively manage cyber risk. In this presentation, he will share his experience on issues such as:
· Why cybersecurity is an overall business risk issue that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and how personalities and psychology can impact that team
· The most likely real-world risks that most companies face
· How to prioritize limited resources to effectively manage the most likely real-world risks
· What is reasonable cybersecurity
· How to develop, implement, and mature a cyber risk management program
· Why cyber insurance is a critical component of the cyber risk management process
Real World Cyber Risk. Understand it. Manage it. | Shawn Tuma
Renaissance Executive Forums 2019 CEO Summit presentation by Shawn E. Tuma, Co-Chair, Data Privacy & Cybersecurity Group, Spencer Fane, LLP
March 7, 2019
Dallas, Texas
The Legal Case for Cyber Risk Management Programs and What They Should Include | Shawn Tuma
Spencer Fane LLP Cybersecurity and Data Privacy attorney Shawn Tuma delivered "The Legal Case for Cyber Risk Management Programs and What They Should Include" at the Texas Society of Certified Public Accountants' TSCPA CPE 2018 CPE Expo Conference on November 30, 2018, in Addison, Texas.
As an attorney serving as a guide for companies that have data breaches, I regularly advise clients through the data breach incident response process. Here is a checklist that I developed to give them a roadmap for how this process works, on a single page. While this is not an exhaustive list, these are the items that most often need to be performed in the cases in which I guide clients through the incident response and remediation process. Of course, there will be exceptions, additions, and omissions — take this for what it is, a starting point. Another important point to remember is that this is just a checklist, it is not a cybersecurity incident response plan. For more information see https://shawnetuma.com/incident-response-checklist/
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018) | Shawn Tuma
Cybersecurity is a Team Sport: Why strategic leadership and an understanding of roles, personalities, and psychology is important for building and managing effective cybersecurity teams.
This presentation was a discussion of issues such as:
* Who should be on the team and what should they know?
* How should the team be organized?
* Who is responsible for developing the strategy and seeing the whole playing field?
* What are the team members' responsibilities?
* How do team members' personalities affect their roles and performance?
* Is there a role for lawyers if the "privilege" "magic wand" turns out to be more fairy-tale than reality?
The presentation was delivered by cybersecurity and data privacy attorney Shawn Tuma, Co-Chair of the Cybersecurity and Data Privacy Practice Group of Spencer Fane LLP, on October 10, 2018, at SecureWorld - Dallas.
Something is Phishy: Cyber Scams and How to Avoid Them | Shawn Tuma
Reginald A. Hirsch and Shawn E. Tuma presented this talk at the Annual Meeting of the State Bar of Texas for the Law Practice Management Section of the State Bar of Texas. The date of the talk was June 22, 2018, and the location was Houston, Texas.
"What Could Go Wrong?" - We're Glad You Asked! | Shawn Tuma
Dallas cybersecurity and data privacy attorney Shawn Tuma delivered this presentation on social media law to Social Media Breakfast on February 22, 2018.
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm | Shawn Tuma
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused on the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
4. “Security and IT protect companies’ data; Legal protects companies from their data.”
5. “Cybersecurity is no longer just an IT issue—it is an overall business risk issue.”
6. Legal obligations.
▪ Types
  ▪ Security
  ▪ Privacy
  ▪ Unauthorized Access
▪ International Laws
  ▪ Safe Harbor
  ▪ Privacy Shield
  ▪ GDPR
▪ Federal Laws & Regs.
  ▪ HIPAA, GLBA, FERPA
  ▪ FTC, FCC, SEC
▪ State Laws
  ▪ 48 states (AL & SD)
  ▪ NYDFS & Colorado FinServ
▪ Industry Groups
  ▪ PCI, FINRA, etc.
▪ Contracts
  ▪ 3rd Party Bus. Assoc.
  ▪ Data Security Addendum
7. Real-world threats.
• 63% confirmed breaches from weak, default, or stolen passwords
• Data is lost over 100x more than stolen
• Phishing used most to install malware
Easily Avoidable Breaches
90% in 2014
91% in 2015
91% in 2016 (90% from email)
8. Common cybersecurity best practices.
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
   • Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
9. Does your company have reasonable cybersecurity?
In re Target Data Security Breach Litigation, (Fin. Inst.) (Dec. 2, 2014)
F.T.C. v. Wyndham Worldwide Corp., 299 F.3d 236 (3rd Cir. Aug. 24, 2015)
11. Does your company have adequate internal network controls?
F.T.C. v. LabMD, (July 2016 FTC Commission Order)
12. Does your company have written policies and procedures focused on cybersecurity?
SEC v. R.T. Jones Capital, Consent Order (Sept. 22, 2015)
13. Does your company have a written cybersecurity incident response plan?
SEC v. R.T. Jones Capital, Consent Order (Sept. 22, 2015)
14. Does your company manage third-party cyber risk?
In re GMR Transcription Svcs, Consent Order (Aug. 14, 2014)
15. How mature is your company’s cyber risk management program?
“GMR Transcription Services, Inc. . . . Shall . . . establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers. Such program, the content and implementation of which must be fully documented in writing, shall contain administrative, technical, and physical safeguards appropriate to respondents’ or the business entity’s size and complexity, the nature and scope of respondents’ or the business entity’s activities, and the sensitivity of the personal information collected from or about consumers”
In re GMR Transcription Svcs, Consent Order (Aug. 14, 2014)
16. NYDFS Cybersecurity Regulation
• All NY “financial institutions” + third party service providers.
• Third party service providers – examine, obligate, audit.
• Establish Cybersecurity Program (w/ specifics):
  • Logging, Data Classification, IDS, IPS;
  • Pen Testing, Vulnerability Assessments, Risk Assessment; and
  • Encryption, Access Controls.
• Adopt Cybersecurity Policies.
• Designate qualified CISO to be responsible.
• Adequate cybersecurity personnel and intelligence.
• Personnel Policies & Procedures, Training, Written IRP.
• Chairman or Senior Officer Certify Compliance.
17. EU General Data Protection Regulation (GDPR)
• Goal: Protect all EU residents from privacy and data breaches.
• When: May 25, 2018.
• Reach: Applies to all companies (controllers and processors):
  • Processing data of EU residents (regardless of where processing),
  • In the EU (regardless of where processing), or
  • Offering goods or services to EU citizens or monitoring behavior in EU.
• Penalties: up to 4% global turnover or €20 Million (whichever is greater).
• Remedies: data subjects have judicial remedies, right to damages.
• Data subject rights:
  • Breach notification – 72 hrs to DPA; “without undue delay” to data subjects.
  • Right to access – provide confirmation of processing and electronic copy (free).
  • Data erasure – right to be forgotten, erase, cease dissemination or processing.
  • Data portability – receive previously provided data in common format.
  • Privacy by design – include data protection in designing systems.
20. “You don’t drown by falling in the water; You drown by staying there.” – Edwin Louis Cole
21. • Board of Directors & General Counsel, Cyber Future Foundation
• Board of Advisors, North Texas Cyber Forensics Lab
• Policy Council, National Technology Security Coalition
• Cybersecurity Task Force, Intelligent Transportation Society of America
• Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016)
• SuperLawyers Top 100 Lawyers in Dallas (2016)
• SuperLawyers 2015-16 (IP Litigation)
• Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)
• Council, Computer & Technology Section, State Bar of Texas
• Privacy and Data Security Committee of the State Bar of Texas
• College of the State Bar of Texas
• Board of Directors, Collin County Bench Bar Conference
• Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association
• Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
• North Texas Crime Commission, Cybercrime Committee & Infragard (FBI)
• International Association of Privacy Professionals (IAPP)
Shawn Tuma
Cybersecurity Attorney
Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: www.shawnetuma.com
web: www.solidcounsel.com