This book is for cybersecurity and privacy professionals, cybersecurity and privacy lawyers, law students, and anyone interested in learning the cybersecurity laws that apply to an entity based on the entity’s business model(s) and data collection model(s). For example, what is the applicable Securities and Exchange Commission (SEC) cybersecurity law if an entity provides an alternate trading platform (ATP) with a daily trading volume of 50,000? The authors combine years of technical and legal experience in providing a map for cybersecurity counseling based on an understanding of the CISO’s technical cybersecurity issues and how they fit into today’s cybersecurity law challenges. The authors explain the difference and overlap between privacy law, cybersecurity law, and cybersecurity. Those interested in speaking the same cybersecurity language as a Chief Information Security Officer (CISO) will benefit. The first chapter provides a review of cybersecurity. For example, key to any discussion on cybersecurity is the Confidentiality, Integrity, and Availability (CIA) of data. Learn how to implement policy-based “reasonable security measures” frameworks for your organization that form a legal defense to cybersecurity-based actions brought by U.S. agencies such as the Federal Trade Commission (FTC) and state Attorney Generals. A high-level discussion of the National Institute of Science and Technology (NIST) cybersecurity frameworks is included as well as data breach laws, anti-hacking related laws and some international issues.

This book provides a relatively comprehensive examination of cybersecurity related laws that would be helpful for lawyers, law students, and Chief Information Security Officers (CISOs) and other cybersecurity and privacy professionals. The book outlines and details the U.S. federal sectoral approach to cybersecurity, such as covering the Gramm-Leach-Bliley Act and regulations, and the Health Insurance Portability and Accountability Act Security Rule, as well as an examination of state laws impacting cybersecurity, such as data breach notification, privacy and state education laws. International issues as well as specific topics such as ransomware and the Internet of things are addressed. Notably, the book provides a review of the role of the cybersecurity professional, risk assessment as well as the National Institute of Standards and Technology (NIST) risk assessment framework, and laws related to hacking.