Staying Compliant in the Cloud Without a Cybersecurity Attorney
Compliance can be achieved without them
By: Brad Thies
Nov. 26, 2015 01:00 PM
Cybersecurity is a complex field, and with laws varying across states and countries, keeping cloud usage compliant can become a real headache for enterprise security decision-makers.
As regulations continue to lag behind the rapid pace of technological advancements, many IT security professionals turn to the expertise of cybersecurity lawyers, who not only understand the ambiguities of the law, but are also able to secure and protect their employers' interests in the case of a breach.
When Is a Cybersecurity Attorney Needed?
Such legal experts should be written into the incident response plan, in addition to reviewing procedures. When a breach does occur, the public relations team cannot be left to draft communications on its own.
Each state has its own laws on what is required when making a breach public. The laws set thresholds for dollars and numbers of affected records, and even criteria relating to the level of data encryption, to help determine whether a breach must be reported. This means companies have to be careful when disclosing breaches, as poor communication can risk litigation.
Staying Compliant Without One
The creation of an information security plan, for instance, is a task far better suited to IT security professionals and chief security officers than to lawyers, as are decisions regarding cloud strategy. When it comes to ongoing monitoring of the environment and cloud services, powerful technologies are available to support information security management and to serve as the eyes and ears that prevent a serious compromise of data.
A cybersecurity attorney is not equipped with the experience of running governance programs or of managing risk and compliance activities for all aspects of cloud computing. The CSO must instead take the lead on those.
Performing a Risk Assessment
Once the security environment has been assessed and its maturity defined, companies must look to implement a framework that improves security in the following elemental areas:
Source: KPMG LLP's Security Maturity Continuum
Several IT governance, risk and compliance tools can be used when building the best security management programs. These help the system to run smoothly and also aid adaptation to changes in personnel, ensuring that employee turnover doesn't lead to a breach.
Cybersecurity attorneys are still important in times of crisis, but for day-to-day security they are an expensive luxury. Compliance can be achieved without them.