Presentation to the Association of Continuity Professionals, North Texas Chapter, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
The document discusses best practices for managing cybersecurity and data privacy risks from third party vendors. It recommends (1) conducting due diligence on third parties' security practices before engaging them, (2) using contracts to obligate third parties to comply with security standards and notify clients of incidents, and (3) periodically assessing third parties' security based on risk. Following these practices can help companies minimize risks from third parties as required by laws and frameworks.
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
was delivered as a webinar to the State Bar of Texas Women and the Law Section on February 15, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cybersecurity Fundamentals for Legal ProfessionalsShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at the 55th Annual Conference on Intellectual Property Law at The Center for American and International Law on November 13, 2017.
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presented this session to The American Institute of Architects' Large Firm Round Table on March 15, 2018. For more of Shawn Tuma's presentations please visit: https://shawnetuma.com/presentations/
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at Misti's InfoSec World during the Privacy & Risk Summit on March 22, 2018, in Orlando, Florida.
Corporate Security Intelligence Just Got Smarter All Courses LinkedinSteve Phelps
The document provides information about intelligence and security training courses offered by Security & Intelligence Solutions Ltd and Sibylline Intelligence Solutions. It describes the companies and backgrounds of the owners/founders. Various training courses are then outlined, including topics covered, target attendees, and philosophy/approach. The courses focus on developing intelligence capabilities for corporate security environments. Intellectual property policies are also provided.
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
The document discusses best practices for managing cybersecurity and data privacy risks from third party vendors. It recommends (1) conducting due diligence on third parties' security practices before engaging them, (2) using contracts to obligate third parties to comply with security standards and notify clients of incidents, and (3) periodically assessing third parties' security based on risk. Following these practices can help companies minimize risks from third parties as required by laws and frameworks.
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
was delivered as a webinar to the State Bar of Texas Women and the Law Section on February 15, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cybersecurity Fundamentals for Legal ProfessionalsShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at the 55th Annual Conference on Intellectual Property Law at The Center for American and International Law on November 13, 2017.
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presented this session to The American Institute of Architects' Large Firm Round Table on March 15, 2018. For more of Shawn Tuma's presentations please visit: https://shawnetuma.com/presentations/
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at Misti's InfoSec World during the Privacy & Risk Summit on March 22, 2018, in Orlando, Florida.
Corporate Security Intelligence Just Got Smarter All Courses LinkedinSteve Phelps
The document provides information about intelligence and security training courses offered by Security & Intelligence Solutions Ltd and Sibylline Intelligence Solutions. It describes the companies and backgrounds of the owners/founders. Various training courses are then outlined, including topics covered, target attendees, and philosophy/approach. The courses focus on developing intelligence capabilities for corporate security environments. Intellectual property policies are also provided.
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
New York Department of Financial Services Cybersecurity RegulationsShawn Tuma
Getting in Shape – NYDFS Cyber Security Regulations Webinar
Presenters: Shawn Tuma, Cybersecurity & Data Protection Attorney, Scheef & Stone LLP | Bill Belcher, VP Americas, Boldon James In an initiative to protect New York’s financial services industry, a new State regulation has been introduced to protect consumers and financial institutions from cyber-attacks. Effective March 1, 2017, this risk-driven regulation requires all financial services institutions regulated by the Department of Financial Services (DFS) to establish and maintain a cyber security program that will protect both customers’ private data and the technology that supports this. The impact stretches down through the supply chain, as any organization that conducts business with the NYC financial services sector has to adopt the same level of data protection.
Watch this webcast to learn:
The key requirements of the NYC Cyber security regulation
How compliance is about process first, then people and technology
What organizations need to be doing to ensure they comply
How data classification can help ensure compliance
NYDFS Cybersecurity Regulations (23 NYCRR 500) New York is one of the biggest financial hubs in the world; as you can imagine where there is sensitive financial information, there are people who want to get their hands on it. It is for this reason major financial firms operating in New York will face stiff cyber security obligations under the new New York Department of Financial Services Cybersecurity Regulations (23 NYCRR 500). This regulation will apply to firms holding a banking, insurance or financial services licence to operate in New York. 23 NYCRR 500 has been effective as of March 1st 2017, although firms have 180 days from this introduction date to change internal systems in order to meet new compliance and regulation standards. This fact sheet outlines:
23 NYCRR 500 overview
Key dates for covered entities
Key tasks for compliance
How Boldon James can help
Please complete the adjoining form to request it.
SEC OCIE - Cybersecurity Focus Areas, Guidance, and Best PracticesKroll
The SEC Office of Compliance Inspections and Examinations (OCIE) issues risk alerts on cybersecurity to keep registered broker-dealers, investment advisers, and investment companies up to date regarding SEC focus areas for cyber.
OCIE examinations have focused on firms’ written policies and procedures regarding cybersecurity, including validating and testing that such policies and procedures were implemented and followed.
This presentation was prepared by Greg Michaels and Terry Mason for the Duff & Phelps Alternative Investments conference.
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
Malware is an ailment many companies suffer from but the prescription for protection is simpler than you think. In this presentation, Vanderburg and Salamakha apply the five rights for avoiding drug errors to the malware problem at the Advanced Persistent Threats Summit.
1) Right client – Authentication
2) Right route – Gaps and strategies
3) Right drug – Security controls
4) Right dose – Security/business balance
5) Right time – Staying up to date.
Stay healthy, stay safe.
The document provides legal disclaimers and information about sustainable cybersecurity practices. It discusses starting cybersecurity at the administration level by making it cultural rather than technical, based on needs rather than vendor features, iterative and continuous. It also discusses establishing a data protection steering committee and reducing reliance on people by ensuring responsibilities are understood and policies and processes are documented. The document provides recommendations on cybersecurity frameworks, controls, and best practices.
Katherine Cancelado is a cybersecurity consultant with over 3 years of experience in penetration testing, vulnerability assessment, and incident response. She has an MSc in Cyber Security and certifications in system security and digital forensics. The document discusses cybersecurity and privacy risks women face online due to their underrepresentation in cybersecurity fields and management of personal data. It provides tips for protecting personal information at home and work such as using encryption, anonymizing internet use, and securely disposing of unused data. The agenda covers women in the workforce, online risks, privacy and data protection, mitigation strategies, and takes questions.
The Science and Art of Cyber Incident Response (with Case Studies)Kroll
In this joint presentation for the ISSA-LA Summit X in Los Angeles, Jennifer Rathburn, a cybersecurity and data privacy law expert at Foley & Lardner LLP and William Dixon, Associate Managing Director in Kroll's Cyber Risk practice, highlight three incident response scenarios and tips on breach preparation and response.
To learn more, contact Jennifer or William at:
Jennifer Rathburn, Foley & Lardner LLP
jrathburn@foley.com; 414-297-5864
William Dixon, Kroll, a Division of Duff & Phelps
william.dixon@kroll.com; 213-247-3973
The Seven Deadly Sins of Incident ResponseLancope, Inc.
According to a recent study from Cisco, organizations show high levels of confidence in their security policies; but when it comes to their ability to scope and contain compromises, their confidence drops significantly.
Such statistics demonstrate that organizations continue to struggle with incident response.
Join Lancope’s security researcher, Brandon Tansey, and 451 Research’s senior analyst, Javvad Malik, to learn how to avoid The Seven Deadly Sins of Incident Response, and what you can do to improve your organization’s security posture.
Sins include:
- Lack of visibility/not understanding your environment
- Inability to separate the signal from the noise
- Modeling use cases on defenses, not attackers
This document introduces Entreda, a startup that provides predictive cybersecurity risk mitigation software for regulated enterprises. It provides an overview of Entreda's leadership team and board members, who have extensive experience in cybersecurity and related fields. The document also summarizes Entreda's corporate highlights, including its focus on the financial services industry, growth, partnerships, and technology which uses predictive analytics and a data-driven approach to assess and mitigate cybersecurity risks.
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
The document discusses cyber incident response plans and processes. It provides guidance on developing a cyber incident response team and plan that documents response scenarios and defines appropriate responses. The plan should include response team roles and responsibilities, reporting procedures, guidelines for initial response and investigation, recovery processes, public relations strategies, and law enforcement coordination. It also discusses common cyber attack scenarios and provides tips for investigating incidents and improving security practices after an attack.
Cyber Security Planning: Preparing for a Data BreachFletcher Media
Presented by Clark Insurance in Portland, Maine, this two hour seminar featured lead panelists in the privacy security business.
This presentation reviews all aspects of a data breach from preparation, discovery, plan implementation, cyber insurance, crisis communication and PR policies and protocols.
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
This document discusses challenges and best practices for cloud storage and security. It begins by introducing the panelists and outlining the topics to be discussed, which include realities and pain points of cloud storage, how and where cloud security could be compromised, navigating legal and regulatory compliance, and recommendations for deploying the right cloud storage strategy. Key points made include that sensitive data is often stored in the cloud without visibility, cloud breaches and unauthorized access are concerns, and regulations like GDPR and ISO 27001 provide security standards to consider. The document emphasizes knowing cloud vendors, evaluating costs and benefits, and establishing secure data management practices throughout the data lifecycle.
Cybersecurity Fundamentals by Shaw E. TumaKlemchuk LLP
The document discusses cybersecurity issues for law firms and businesses. It notes that while cyber attacks may seem sophisticated, most incidents are actually due to simple issues like weak passwords or phishing. The document then lists 15 common cybersecurity best practices for firms to implement, such as conducting risk assessments, training employees, implementing strong access controls and passwords, regularly backing up data, and planning incident responses. Implementing these types of basic practices can help firms better protect their and their clients' sensitive data from security threats.
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cyber security in the maritime industry is a major concern due to a lack of awareness and the increasing use of communications technologies. Ships' systems like AIS, GPS and ECDIS could be vulnerable to attacks that modify or delete critical data, compromising safety. Most attackers seek financial gain by accessing payment systems or sensitive data. Proper security procedures and trained personnel are needed to identify and respond to potential threats. The Guidelines provide a risk-based approach for assessing operations and implementing necessary cyber security procedures to protect ships' systems and data.
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Albert Hui
Introduces "Hui's Hierarchy of CTIs", a reference model upon which cyber threat intelligence (CTI) can be classified, a 5W1H model for CTI contexts, and illustrates through examples what CTIs IR and TRM will find useful.
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Lancope, Inc.
The document summarizes the findings of a survey conducted by Ponemon Institute on the state of cyber incident response programs. Some key findings from the survey include: organizations are ill-prepared to respond to cyber threats, cybersecurity budgets dedicate a low percentage to incident response preparedness, and network audit trails are seen as the most effective tool for detecting security breaches. The document recommends that organizations build dedicated incident response teams, assess team readiness, use metrics to measure effectiveness, and foster information sharing.
Effective cybersecurity for small and midsize businessesShawn Tuma
This presentation was delivered at the Center for American & International Law's Second Annual Cybersecurity & Data Privacy Law Conference on April 13, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
Cybersecurity & Data Privacy attorney Shawn Tuma delivered this presentation to the Mid-Year Meeting of the State Bar of Oklahoma's Intellectual Property Law Section on June 2, 2018. For more information visit www.shawnetuma.com
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
New York Department of Financial Services Cybersecurity RegulationsShawn Tuma
Getting in Shape – NYDFS Cyber Security Regulations Webinar
Presenters: Shawn Tuma, Cybersecurity & Data Protection Attorney, Scheef & Stone LLP | Bill Belcher, VP Americas, Boldon James In an initiative to protect New York’s financial services industry, a new State regulation has been introduced to protect consumers and financial institutions from cyber-attacks. Effective March 1, 2017, this risk-driven regulation requires all financial services institutions regulated by the Department of Financial Services (DFS) to establish and maintain a cyber security program that will protect both customers’ private data and the technology that supports this. The impact stretches down through the supply chain, as any organization that conducts business with the NYC financial services sector has to adopt the same level of data protection.
Watch this webcast to learn:
The key requirements of the NYC Cyber security regulation
How compliance is about process first, then people and technology
What organizations need to be doing to ensure they comply
How data classification can help ensure compliance
NYDFS Cybersecurity Regulations (23 NYCRR 500) New York is one of the biggest financial hubs in the world; as you can imagine where there is sensitive financial information, there are people who want to get their hands on it. It is for this reason major financial firms operating in New York will face stiff cyber security obligations under the new New York Department of Financial Services Cybersecurity Regulations (23 NYCRR 500). This regulation will apply to firms holding a banking, insurance or financial services licence to operate in New York. 23 NYCRR 500 has been effective as of March 1st 2017, although firms have 180 days from this introduction date to change internal systems in order to meet new compliance and regulation standards. This fact sheet outlines:
23 NYCRR 500 overview
Key dates for covered entities
Key tasks for compliance
How Boldon James can help
Please complete the adjoining form to request it.
SEC OCIE - Cybersecurity Focus Areas, Guidance, and Best PracticesKroll
The SEC Office of Compliance Inspections and Examinations (OCIE) issues risk alerts on cybersecurity to keep registered broker-dealers, investment advisers, and investment companies up to date regarding SEC focus areas for cyber.
OCIE examinations have focused on firms’ written policies and procedures regarding cybersecurity, including validating and testing that such policies and procedures were implemented and followed.
This presentation was prepared by Greg Michaels and Terry Mason for the Duff & Phelps Alternative Investments conference.
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
Malware is an ailment many companies suffer from but the prescription for protection is simpler than you think. In this presentation, Vanderburg and Salamakha apply the five rights for avoiding drug errors to the malware problem at the Advanced Persistent Threats Summit.
1) Right client – Authentication
2) Right route – Gaps and strategies
3) Right drug – Security controls
4) Right dose – Security/business balance
5) Right time – Staying up to date.
Stay healthy, stay safe.
The document provides legal disclaimers and information about sustainable cybersecurity practices. It discusses starting cybersecurity at the administration level by making it cultural rather than technical, based on needs rather than vendor features, iterative and continuous. It also discusses establishing a data protection steering committee and reducing reliance on people by ensuring responsibilities are understood and policies and processes are documented. The document provides recommendations on cybersecurity frameworks, controls, and best practices.
Katherine Cancelado is a cybersecurity consultant with over 3 years of experience in penetration testing, vulnerability assessment, and incident response. She has an MSc in Cyber Security and certifications in system security and digital forensics. The document discusses cybersecurity and privacy risks women face online due to their underrepresentation in cybersecurity fields and management of personal data. It provides tips for protecting personal information at home and work such as using encryption, anonymizing internet use, and securely disposing of unused data. The agenda covers women in the workforce, online risks, privacy and data protection, mitigation strategies, and takes questions.
The Science and Art of Cyber Incident Response (with Case Studies)Kroll
In this joint presentation for the ISSA-LA Summit X in Los Angeles, Jennifer Rathburn, a cybersecurity and data privacy law expert at Foley & Lardner LLP and William Dixon, Associate Managing Director in Kroll's Cyber Risk practice, highlight three incident response scenarios and tips on breach preparation and response.
To learn more, contact Jennifer or William at:
Jennifer Rathburn, Foley & Lardner LLP
jrathburn@foley.com; 414-297-5864
William Dixon, Kroll, a Division of Duff & Phelps
william.dixon@kroll.com; 213-247-3973
The Seven Deadly Sins of Incident ResponseLancope, Inc.
According to a recent study from Cisco, organizations show high levels of confidence in their security policies; but when it comes to their ability to scope and contain compromises, their confidence drops significantly.
Such statistics demonstrate that organizations continue to struggle with incident response.
Join Lancope’s security researcher, Brandon Tansey, and 451 Research’s senior analyst, Javvad Malik, to learn how to avoid The Seven Deadly Sins of Incident Response, and what you can do to improve your organization’s security posture.
Sins include:
- Lack of visibility/not understanding your environment
- Inability to separate the signal from the noise
- Modeling use cases on defenses, not attackers
This document introduces Entreda, a startup that provides predictive cybersecurity risk mitigation software for regulated enterprises. It provides an overview of Entreda's leadership team and board members, who have extensive experience in cybersecurity and related fields. The document also summarizes Entreda's corporate highlights, including its focus on the financial services industry, growth, partnerships, and technology which uses predictive analytics and a data-driven approach to assess and mitigate cybersecurity risks.
Craft Your Cyber Incident Response Plan (Before It's Too Late)Resilient Systems
The document discusses cyber incident response plans and processes. It provides guidance on developing a cyber incident response team and plan that documents response scenarios and defines appropriate responses. The plan should include response team roles and responsibilities, reporting procedures, guidelines for initial response and investigation, recovery processes, public relations strategies, and law enforcement coordination. It also discusses common cyber attack scenarios and provides tips for investigating incidents and improving security practices after an attack.
Cyber Security Planning: Preparing for a Data BreachFletcher Media
Presented by Clark Insurance in Portland, Maine, this two hour seminar featured lead panelists in the privacy security business.
This presentation reviews all aspects of a data breach from preparation, discovery, plan implementation, cyber insurance, crisis communication and PR policies and protocols.
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
This document discusses challenges and best practices for cloud storage and security. It begins by introducing the panelists and outlining the topics to be discussed, which include realities and pain points of cloud storage, how and where cloud security could be compromised, navigating legal and regulatory compliance, and recommendations for deploying the right cloud storage strategy. Key points made include that sensitive data is often stored in the cloud without visibility, cloud breaches and unauthorized access are concerns, and regulations like GDPR and ISO 27001 provide security standards to consider. The document emphasizes knowing cloud vendors, evaluating costs and benefits, and establishing secure data management practices throughout the data lifecycle.
Cybersecurity Fundamentals by Shaw E. TumaKlemchuk LLP
The document discusses cybersecurity issues for law firms and businesses. It notes that while cyber attacks may seem sophisticated, most incidents are actually due to simple issues like weak passwords or phishing. The document then lists 15 common cybersecurity best practices for firms to implement, such as conducting risk assessments, training employees, implementing strong access controls and passwords, regularly backing up data, and planning incident responses. Implementing these types of basic practices can help firms better protect their and their clients' sensitive data from security threats.
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cyber security in the maritime industry is a major concern due to a lack of awareness and the increasing use of communications technologies. Ships' systems like AIS, GPS and ECDIS could be vulnerable to attacks that modify or delete critical data, compromising safety. Most attackers seek financial gain by accessing payment systems or sensitive data. Proper security procedures and trained personnel are needed to identify and respond to potential threats. The Guidelines provide a risk-based approach for assessing operations and implementing necessary cyber security procedures to protect ships' systems and data.
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Albert Hui
Introduces "Hui's Hierarchy of CTIs", a reference model upon which cyber threat intelligence (CTI) can be classified, a 5W1H model for CTI contexts, and illustrates through examples what CTIs IR and TRM will find useful.
Ponemon Report: Cyber Security Incident Response: Are we as prepared as we th...Lancope, Inc.
The document summarizes the findings of a survey conducted by Ponemon Institute on the state of cyber incident response programs. Some key findings from the survey include: organizations are ill-prepared to respond to cyber threats, cybersecurity budgets dedicate a low percentage to incident response preparedness, and network audit trails are seen as the most effective tool for detecting security breaches. The document recommends that organizations build dedicated incident response teams, assess team readiness, use metrics to measure effectiveness, and foster information sharing.
Effective cybersecurity for small and midsize businessesShawn Tuma
This presentation was delivered at the Center for American & International Law's Second Annual Cybersecurity & Data Privacy Law Conference on April 13, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
Cybersecurity & Data Privacy attorney Shawn Tuma delivered this presentation to the Mid-Year Meeting of the State Bar of Oklahoma's Intellectual Property Law Section on June 2, 2018. For more information visit www.shawnetuma.com
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory RealmShawn Tuma
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Cybersecurity: How to Protect Your Firm from a Cyber AttackShawn Tuma
Cybersecurity attorney Shawn Tuma discusses the importance of cybersecurity for law firms. He notes that cybersecurity and privacy issues impact all law firms as clients demand adequate security and firms store sensitive data for multiple clients. While most breaches are from simple issues like weak passwords, law firms remain an attractive target. Tuma outlines 15 common cybersecurity best practices that firms should implement, such as risk assessments, security policies, workforce training, access controls, backups, and incident response plans. He emphasizes adopting a comprehensive cyber risk management program to protect firms from threats.
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the meeting of Women's In-House Network - DFW on April 27, 2017.
This presentation included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies and the EU's General Data Protection Regulation (GDPR).
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all company will be breached, but preparation and diligence can help minimize the likelihood that such a breach from being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk business have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
OSB50: Operational Security: State of the UnionIvanti
The document discusses operational security and the state of cyber threats. It provides an overview of key trends including less control over data and devices, more complex networks, the rise of insecure internet of things devices, and the need for security to balance risk mitigation and enable business opportunities. Survey results show that security tasks are often split between IT and security teams. The document argues that organizations need to take a risk-based approach to security centered around understanding inherent risks, how assets could be compromised, and ensuring effective controls are in place. It also discusses challenges to achieving effective security.
Information Technology Security BasicsMohan Jadhav
The document discusses various topics related to IT security basics. It begins by providing two examples of security breaches to illustrate why security is important. It then discusses the four virtues of security and the nine rules of security. The document also defines information security, its goal of ensuring confidentiality, integrity and availability of systems, and the potential impacts of security failures. Additionally, it outlines common security definitions, 10 security domains, and provides an overview of access control and application security.
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
This document summarizes a presentation on cybersecurity risks for law firms and how to protect sensitive client data. The presentation covers:
1. Tips for preventing cyberattacks including having security plans, policies for employees and vendors, and implementing best practices.
2. The response required after a data breach, including activating an incident response plan, securing systems, notifying authorities and counsel, and conducting forensics.
3. Different legal obligations for law firms compared to corporations after a breach in terms of state breach notification laws and preserving attorney-client privilege.
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
Spencer Fane LLP Cybersecurity and Data Privacy attorney Shawn Tuma delivered "The Legal Case for Cyber Risk Management Programs and What They Should Include" at the Texas Society of Certified Public Accountants' TSCPA CPE 2018 CPE Expo Conference on November 30, 2018, in Addison, Texas.
In this presentation we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber-attacks.
Information Security vs IT - Key Roles & ResponsibilitiesKroll
Marc Brawner is a Principal with Kroll's Cyber Security & Investigations team. In this presentation to the Tennessee Bankers Association, Marc explains the key roles & responsibilities of the information security and information technology teams for increased cyber security
Data Privacy, Data Security, and Data Protection are three terms that are commonly renowned these days, as the entire internet is based on data and to make sure that nobody uses it negatively awareness of these three terms is crucial. In this blog, we will understand more about security and its importance in data privacy.
How to Secure Data Privacy in 2024.pptxV2Infotech1
Data Privacy, Data Security, and Data Protection are three terms that are commonly renowned these days, as the entire internet is based on data and to make sure that nobody uses it negatively awareness of these three terms is crucial. In this blog, we will understand more about security and its importance in data privacy.
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovEric Vanderburg
This document discusses cybersecurity threats facing accounting firms and their clients. It provides examples of major data breaches in recent years that impacted millions of customer accounts. While many firms believe they are protected, the document cites statistics showing that most have no formal cybersecurity or internet use policies. It also discusses new regulations and standards, like the HIPAA Omnibus Rules and a recent Executive Order, that require firms to improve their cybersecurity practices to safeguard sensitive data. The role of a Virtual Chief Security Officer is introduced to help firms address these growing risks and compliance requirements.
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE presents the 8th Annual Course
Essentials of Business Law:Four Modules for a Robust Practice Cosponsored by the Business Law Section of the State Bar of Texas.
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
This document provides biographical and career information about Shritam Bhowmick. It lists his current and previous professional roles, including as an AVP of Labs at Lucideus Tech where he performs application security assessments and R&D, as well as previous roles as an application security trainer and in security roles at other companies. It also notes some of his hobbies include the areas of his professional work.
Cyber security refers to protecting networks, devices, programs and data from unauthorized access or cyber attacks. It involves technologies and practices to ensure security, availability and integrity of information systems. Without proper cyber security measures like risk assessments, organizations risk exposing sensitive data like intellectual property, financial information and personal data. The top five cyber risks are ransomware, phishing, data leakage from mobile devices, hacking, and insider threats from employees. Organizations should implement security best practices like access controls, malware protection, software updates, data backups and employee training to mitigate these risks.
Equilibrium Security Methodology 030414 Final v2marchharvey
The document discusses assessing and remediating business IT security risks. It states that traditional defenses like firewalls and antivirus software are no longer enough, and that hackers are constantly looking for vulnerabilities. It recommends conducting security assessments to identify weaknesses before hackers do. Once weaknesses are found, organizations should fix them and implement a risk-based security lifecycle of ongoing assessment, remediation, and testing to continuously monitor for new threats. Equilibrium offers IT security services to help identify vulnerabilities, design solutions, and test their effectiveness for clients.
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdfSecureCurve
Security and privacy are crucial elements for protecting digital assets. As the use of technology continues to increase, so does the risk of cyber-attacks and data breaches.
Similar to Why Your Organization Must Have a Cyber Risk Management Program and How to Develop It (20)
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Southern Methodist University Digital Branding Class on October 27, 2020.
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Columbia University for the Executive Masters of Technology Management Program on November 21, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Northwestern State University's Fall Continuing Legal Education Conference on November 18, 2020.
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Texas Bar CLE's Making and Breaking Iron-Clad Contracts course in Austin, Texas on March 6, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
Shawn Tuma delivered this presentation on April 9, 2019, at the Oklahoma State University 4th Annual Cyber Security Conference in Oklahoma City, Oklahoma.
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of cybersecurity and data breach cases that have helped him understand the real-world risks companies face and the practical things they can do to prioritize their resources and effectively manage cyber risk. In this presentation, he will share his experience on issues such as:
· Why cybersecurity is an overall business risk issue that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and how to personalities and psychology can impact that team
· The most likely real-world risks that most companies face
· How to prioritize limited resources to effectively manage the most likely real-world risks
· What is reasonable cybersecurity
· How to develop, implement, and mature a cyber risk management program
· Why cyber insurance is a critical component of the cyber risk management process
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
Renaissance Executive Forums 2019 CEO Summit presentation by Shawn E. Tuma, Co-Chair, Data Privacy & Cybersecurity Group, Spencer Fane, LLP
March 7, 2019
Dallas, Texas
The document provides a checklist of good cyber hygiene practices for companies. It recommends starting with a risk assessment and developing written cybersecurity policies covering data protection, monitoring, privacy, access limits, passwords, and BYOD. It also stresses training employees on policies, conducting phishing tests, using multi-factor authentication, antivirus software, access controls, updating software and backups. The checklist additionally includes recommendations for encrypting sensitive data, adequate logging, an incident response plan, third-party risk management, firewalls and cyber risk insurance.
This checklist outlines the steps a company should take in response to a cyber incident. It includes determining if the incident warrants escalation, documenting decisions, mitigating any ongoing compromise, engaging legal counsel, activating an incident response plan, notifying relevant parties such as insurers and business partners, investigating the scope of data compromised, assessing legal obligations, determining if law enforcement or public notification is required, and implementing measures to prevent future breaches. The checklist emphasizes having an incident response plan in place before a breach occurs to facilitate a coordinated response.
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
Cybersecurity requires a strategic, team-based approach. Effective cybersecurity teams require an understanding of roles, personalities, and psychology. Strategic leadership is needed to develop both proactive security and reactive incident response teams. Tabletop exercises are important for assessing teams and allowing members to practice their roles. While cybersecurity lawyers cannot provide a "magic wand" of privilege, they can help by actively leading risk management programs and investigations to maximize potential privilege protections.
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
Reginald A. Hirsch and Shawn E. Tuma presented this talk at the Annual Meeting of the State Bar of Texas for the Law Practice Management Section of the State Bar of Texas. The date of the talk was June 22, 2018, and the location was Houston, Texas.
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
The document summarizes New York's Department of Financial Services cybersecurity regulations. It provides an overview of key dates for covered entities to comply with various aspects of the regulations, describes which businesses are considered covered entities and subject to the rules. It also summarizes several of the main components required by covered entities, including maintaining a cybersecurity program, designating a chief information security officer, conducting risk assessments, implementing controls like multi-factor authentication, and reporting cybersecurity events.
"What Could Go Wrong?" - We're Glad You Asked!Shawn Tuma
Dallas cybersecurity and data privacy attorney Shawn Tuma delivered this presentation on social media law to Social Media Breakfast on February 22, 2018.
Genocide in International Criminal Law.pptxMasoudZamani13
Excited to share insights from my recent presentation on genocide! 💡 In light of ongoing debates, it's crucial to delve into the nuances of this grave crime.
Business law for the students of undergraduate level. The presentation contains the summary of all the chapters under the syllabus of State University, Contract Act, Sale of Goods Act, Negotiable Instrument Act, Partnership Act, Limited Liability Act, Consumer Protection Act.
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
The Future of Criminal Defense Lawyer in India.pdfveteranlegal
https://veteranlegal.in/defense-lawyer-in-india/ | Criminal defense Lawyer in India has always been a vital aspect of the country's legal system. As defenders of justice, criminal Defense Lawyer play a critical role in ensuring that individuals accused of crimes receive a fair trial and that their constitutional rights are protected. As India evolves socially, economically, and technologically, the role and future of criminal Defense Lawyer are also undergoing significant changes. This comprehensive blog explores the current landscape, challenges, technological advancements, and prospects for criminal Defense Lawyer in India.
Why Your Organization Must Have a Cyber Risk Management Program and How to Develop It
1. Shawn E. Tuma | Scheef & Stone, LLP
Cybersecurity & Data Privacy Attorney
214.472.2135 | Shawn.tuma@solidcounsel.com
Why Your Organization Must
Have a Cyber Risk Management
Program and How to Develop it
@shawnetuma
BusinessCyberRisk.com
5. Legal Obligations.
Easily preventable
• 90% in 2014
• 91% in 2015
▪ Types
▪ Security
▪ Privacy
▪ Unauthorized Access
▪ International Laws
▪ Privacy Shield
▪ GDPR
▪ Federal Laws & Regs.
▪ HIPAA, GLBA, FERPA
▪ FTC, FCC, SEC
▪ State Laws
▪ 48 states (AL & SD)
▪ NYDFS & Colorado FinServ
▪ Industry Groups
▪ PCI, FINRA, etc.
▪ Contracts
▪ 3rd Party Bus. Assoc.
▪ Data Security Addendum
6. The real-world threats are not so sophisticated.
Easily preventable
• 90% in 2014
• 91% in 2015
• 63% confirmed breaches from weak,
default, or stolen passwords
• Data is lost over 100x more than stolen
• Phishing used most to install malware
Easily Avoidable Breaches
90% in 2014
91% in 2015
91% in 2016 (90% from email)
7. Common
Cybersecurity
Best Practices
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
• Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
8. Does your
company have
reasonable
cybersecurity?
In re Target Data Security Breach
Litigation, (Financial Institutions)
(Dec. 2, 2014)
F.T.C. v. Wyndham Worldwide Corp.,
799 F.3d 236 (3rd Cir. Aug. 24, 2015).
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
• Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
9. Does your
company have
reasonable
cybersecurity?
In re Target Data Security Breach
Litigation, (Financial Institutions)
(Dec. 2, 2014)
F.T.C. v. Wyndham Worldwide Corp.,
799 F.3d 236 (3rd Cir. Aug. 24, 2015).
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
• Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
10. Does your
company have
adequate
internal network
controls?
FTC v. LabMD, (July 2016 FTC
Commission Order)
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
• Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
11. Does your
company have
written policies
and procedures
focused on
cybersecurity?
SEC v. R.T. Jones Capital Equities
Mgt., Consent Order (Sept. 22, 2015)
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
• Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
12. Does your
company have a
written
cybersecurity
incident
response plan?
SEC v. R.T. Jones Capital Equities
Mgt., Consent Order (Sept. 22, 2015)
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
• Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
13. Does your
company
manage third-
party cyber risk?
In re GMR Transcription Svcs, Inc.,
Consent Order (August 14, 2014).
1. Risk assessment.
2. Policies and procedures focused on cybersecurity.
• Social engineering, password, security questions
3. Training of all workforce.
4. Phish all workforce (esp. leadership).
5. Signature based antivirus and malware detection.
6. Access controls.
7. Security updates and patch management.
8. Multi-factor authentication.
9. Backups segmented offline and redundant.
10. No outdated or unsupported software.
11. Incident response plan.
12. Encrypt sensitive and air-gap hypersensitive data.
13. Adequate logging and retention.
14. Third-party security risk assessment & management.
15. Intrusion detection and intrusion prevention systems.
14. How mature is
your company’s
cyber risk
management
program?
In re GMR Transcription Svcs, Inc.,
Consent Order (August 14, 2014).
“GMR Transcription Services, Inc. . . . Shall . . . establish
and implement, and thereafter maintain, a
comprehensive information security program that is
reasonably designed to protect the security,
confidentiality, and integrity of personal information
collected from or about consumers. Such program, the
content and implementation of which must be fully
documented in writing, shall contain administrative,
technical, and physical safeguards appropriate to
respondents’ or the business entity’s size and complexity,
the nature and scope of respondents’ or the business
entity’s activities, and the sensitivity of the personal
information collected from or about consumers”
15. www.solidcounsel.com
New York Department of Financial Services Cybersecurity (NYDFS)
Requirements for Financial Services Companies + [fill in]
• All NY “financial institutions” + third party service providers.
• Third party service providers – examine, obligate, audit.
• Establish Cybersecurity Program (w/ specifics):
• Logging, Data Classification, IDS, IPS;
• Pen Testing, Vulnerability Assessments, Risk Assessment; and
• Encryption, Access Controls.
• Adopt Cybersecurity Policies.
• Designate qualified CISO to be responsible.
• Adequate cybersecurity personnel and intelligence.
• Personnel Policies & Procedures, Training, Written IRP.
• Chairman or Senior Officer Certify Compliance.
16. EU – General Data Protection Regulation (GDPR)
• Goal: Protect all EU residents from privacy and data breaches.
• When: May 25, 2018.
• Reach: Applies to all companies (controllers and processors):
• Processing data of EU residents (regardless of where processing),
• In the EU (regardless of where processing), or
• Offering goods or services to EU citizens or monitoring behavior in EU.
• Penalties: up to 4% global turnover or €20 Million (whichever is greater).
• Remedies: data subjects have judicial remedies, right to damages.
• Data subject rights:
• Breach notification – 72 hrs to DPA; “without undue delay” to data subjects.
• Right to access – provide confirmation of processing and electronic copy (free).
• Data erasure – right to be forgotten, erase, cease dissemination or processing.
• Data portability – receive previously provided data in common elect. format.
• Privacy by design – include data protection from the onset of designing systems.
26. • Board of Directors & General Counsel, Cyber Future Foundation
• Board of Advisors, NorthTexas Cyber Forensics Lab
• Policy Council, NationalTechnology Security Coalition
• CybersecurityTask Force, IntelligentTransportation Society ofAmerica
• Cybersecurity & Data Privacy LawTrailblazers, National Law Journal (2016)
• SuperLawyersTop 100 Lawyers in Dallas (2016)
• SuperLawyers 2015-16 (IP Litigation)
• Best Lawyers in Dallas 2014-16, D Magazine (Digital Information Law)
• Council, Computer &Technology Section, State Bar ofTexas
• Privacy and Data Security Committee of the State Bar ofTexas
• College of the State Bar ofTexas
• Board of Directors, Collin County Bench Bar Conference
• Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association
• Information Security Committee of the Section on Science &Technology
Committee of the American Bar Association
• NorthTexasCrime Commission, Cybercrime Committee & Infragard (FBI)
• International Association of Privacy Professionals (IAPP)
• Board of Advisors Office of CISO, Optiv Security
Shawn Tuma
Cybersecurity Partner
Scheef & Stone, L.L.P.
214.472.2135
shawn.tuma@solidcounsel.com
@shawnetuma
blog: www.shawnetuma.com
web: www.solidcounsel.com