We all know we need to update our software, backup our critical data, install and maintain antimalware software and firewalls, manage robust contingency and recovery plans, not open funky emails, audit everything, blah blah blah. So what's wrong with us? Why don't we all do these things consistently?
I'd like to think that everything we have been lectured, reminded, scolded, chastised, and even ridiculed about in the way of protecting our digital assets is doable and reasonable, but face it – sometimes it's not. Costs, number of hours in the day, distractions, urgent priorities, sleep, other crises, get in the way. Or, to put it simply, we get lazy or "have better things to do."
In today’s litigious business world, cyber-related matters could land you in court. As a computer security professional, you are protecting your data, but are you protecting your company? While you know industry standards and regulations, you may not be a legal expert. Fortunately, in a few hours of reading, rather than months of classroom study, Tari Schreider’s The Manager’s Guide to Cybersecurity Law: Essentials for Today’s Business, lets you integrate legal issues into your security program.
Tari Schreider, a board-certified information security practitioner with a criminal justice administration background, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity law. He says, “My nearly 40 years in the fields of cybersecurity, risk management, and disaster recovery have taught me some immutable truths. One of these truths is that failure to consider the law when developing a cybersecurity program results in a protective façade or false sense of security.”
Throughout the business world, breaches have become a constant reminder of the critical need to assess and take action on cyberrisk. But they can also make addressing the issue seem like an ever more daunting task, leading many to either put off substantive measures or blindly buy the latest insurance or software to “take care”…