Data Privacy and Cybersecurity Compliance for Corporations and their Counsel by Dr. James Ottavio Castagnera and Prof. Paul Edmund Flanagan reviews the federal and state privacy law landscape and provides practical guidance to enable effective handling of legal requirements and business challenges, including:

  • An overview of federal statutes and regulations, as well as federal standards like the Cybersecurity Maturity Model Certification (CMMC) from the Defense Department and the NIST Cybersecurity Framework;
  • A comprehensive breakdown of significant state legislative and regulatory initiatives, including the California Consumer Privacy Act (CCPA), the Colorado Privacy Act (CPA), the Virginia Consumer Data Protection Act (VCDPA), the Illinois Biometric Information Privacy Act (BIPA), and New York’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act);
  • Information on what corporations can expect in the ever-evolving cybersecurity landscape, focusing on the potential for regulation of privacy at the federal level, laws governing kids’ online safety, and potential regulation of artificial intelligence;
  • A breakdown of the roles, responsibilities and expectations of corporate officers and employees, describing fiduciary duties and the role of the corporate board, C-suite, general counsel, and compliance and security personnel;
  • Various strategies and tactics, including a model data privacy policy and information on audits, internal investigations and employee training; and
  • Crisis management techniques like managing data breaches and ransomware attacks, employee misappropriation of IP, and lawsuits.

Cybersecurity Resilience Planning Handbook by Geoffrey Wold, CEO of Seasoned Consulting, Inc., specializing in IT security and control plans, including cybersecurity, describes a methodology for cybersecurity planning focused on cyber risks, related threats, tools for addressing such threats, and the processes needed to build more secure systems and to continuously monitor and improve all facets of cybersecurity.

  • Each chapter provides practical guidance, including cyber resilience best practices, as well as a plethora of exhibits, risk assessment worksheets, and draft policy documents.
  • Appendices include an explanation of cybersecurity and cybertechnology terms and an outline for a cybersecurity resilience implementation plan.
  • Also included are:
    • An outline of relevant cybersecurity laws and frameworks, including guidance on NIST, AICPA and HIPAA standards;
    • Analysis of cybersecurity risk, potential security impacts, and mitigation strategies, as well as the methods to manage and govern the technology, people, and processes needed to maintain appropriate cybersecurity measures;
    • Detailed descriptions of technologies available to enhance an organization’s cybersecurity posture; and cybersecurity controls, including preventive, detective, corrective and event predictive controls.