Monday, 3 March 2025

Skirting the Tornado: Essential Strategies for CISOs to Sidestep Government Fallout

Recent federal regulatory and criminal enforcement actions and investigations, especially SEC v. SolarWinds and Tim Brown (the first case in which a CISO has been charged with intentional securities fraud for failing to report cyber security vulnerabilities to a company's shareholders), are putting extreme pressure on information security roles—especially that of CISO—by introducing the possibility of individual regulatory and criminal liability for alleged corporate reporting failures that are well outside of what we traditionally view as information security responsibilities.

My talk will lay out the current state of play re: CISO liability at the federal level, including providing behind-the-scenes knowledge (inside baseball) from the prior seminal InfoSec liability cases, including In Re Yahoo and U.S. v. Joe Sullivan (Uber), and also an in-depth analysis of what is going on in SEC v. Brown. I will then discuss practical lessons learned from these cases, including answering the following questions:

1) What steps should CISOs and InfoSec professionals take to make sure they are not the next person selected for the federal "hot seat" by corporate choice or happenstance?
2) How can InfoSec professionals make sure they are protected to the maximum possible extent in the event they are targeted, including personal indemnity and Directors & Officers Insurance considerations and opportunities?
3) What are some of the red flags regarding personal liability that CISOs and InfoSec Pros should be looking for in the moment of crisis, and what are some best practices for how to handle them?

By the end of this talk, the threat of federal criminal and regulatory liability for CISOs and other InfoSec Pros will be demystified, and the audience members will leave with practical steps to take to ensure they will never end up on the wrong side of the "v", meaning U.S. v. ___ or SEC v. ___.

By: Jess Nall | Partner, Baker McKenzie, LLP

Full Abstract Available: https://ift.tt/fKqEVB7

source https://www.youtube.com/watch?v=nN98kwL35I8
