After the Breach: Legal and Technical Issues

Long before it actually happens, every organization should prepare for a breach of its networks. Do you even know what you have to do? This presentation will discuss legal notification requirements and some of the technical solutions that reduce the reporting requirements and protect your firm. This discussion is intended to familiarize CIOs and staff with the legal issues before their firm's lawyers ever get involved. We will cover:

1) Factors in deciding to act for litigation or solely for recovery
2) What kinds of internal investigations are protected from discovery in litigation and, more importantly, what kinds are not
3) Who can and should do your data forensics
4) Existing breach notification in Texas, the rest of the United States, and the world
5) The trend in breach notification
6) Non-breach required notifications in Texas

Joel Colvin has been a security consultant since 1992 and an attorney since 2015. If you would like to know more or to have a version of this presentation given at your organization, please contact him at jcolvin@jcolvinlaw.com.

Information Classification Should Drive IT Planning

Information classification is an integral part of implementing an information security framework and performing risk assessments. Proper classification leads to the selection of appropriate controls. When the goal of information security is to protect, how can this be done without knowing what value differing information types have to the organization? What’s more, information classification can be the method to trigger technology planning for the whole organization well beyond the selection of security controls.
