Chapter 17 Legal and Compliance

American Bar Association Cybersecurity Legal Task Force Harvey Rishikof, Chair, Advisory Committee to the Standing Committee on Law and National Security, USA Conor Sullivan, Law Clerk for the Standing Committee on National Security, USA

Lawyers. Tom reluctantly swiveled away from his workstation to face the creatures before him. There sat two of the breed, ties drawn tight around their necks and dark suits set in stark contrast to the beige office. His general counsel Alain, spoke first: “Tom, I know you asked our office to advise you today about what legal and compliance capability we can bring to bear for cybersecurity, so I brought with me one of our staff attorneys who’s had prior experience with cyber. As you know, lawyers are like wolves; we never travel alone. We actually have several worrisome conclusions which we think you really should consider.”

It is beneficial to spend some time understanding the legal paradigms that drive cyber law today. For our purposes, it is worth examining the legal frameworks in the two places modern organizations are perhaps the most likely to do business subject to cyber regulations: the European Union and the United States. Before doing so, let us overview how the regulatory dots are connected as in Table 17.1.

Table 17.1 Connecting the Regulatory Dots

WHAT to Protect WHY Protect It Protect from WHOM Protected by WHOM Typical Methods
Personal data of employees and customers Human rights/regulatory ...

Get The Cyber Risk Handbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.