When I worked with my team to launch our first product, EvergreenLearners.com, cybersecurity and privacy were absolutely paramount given the nature of our service (involving K-12 students and their caregivers). Tari's book, Cybersecurity Law, Standards and Regulations, has been a great resource to make sure our (new) company is aware of online privacy laws, especially COPPA. Not only has the book helped me make cybersecurity law accessible, but it has also become the foundation for how we integrate cybersecurity and privacy practices into the DNA of our culture, products, and services.
"Since it's not about 'if' but 'when' your company will be involved in a cyber lawsuit, reading Tari Schreider's book will help you stay within the guardrails of the ever-changing dynamics of doing business."
• Looks at state surveillance laws and privacy laws that impact cybersecurity, as well as each of the data breach notification laws in 47 states and the District of Columbia
Schreider takes you beyond security standards and regulatory controls to ensure that your current or future cybersecurity program complies with all laws and jurisdictions. Hundreds of citations and references also allow you to dig deeper while examining specific topics relevant to your organization or study. This book should also be read before your next discussion with your company's legal department.
Schreider has designed and implemented complex cybersecurity programs, including a Red Team penetration testing program for one of the world's largest oil and gas companies, a NERC CIP compliance program for one of Canada's largest electric utility companies, an integrated security screening program for one of the largest 911 systems in the U.S., and a cybersecurity service architecture for one of the largest retailers in the United States. He has advised organizations around the world, including in Brazil, China, India and South Africa, on how to improve their cybersecurity programs.
"This book bridges the gap between cybersecurity and the law, giving you the right tools and common language to effectively communicate with your board so that money spent on cybersecurity is spent wisely." "As a former CISO, I absolutely wanted to have access to this document to help me learn more about cybersecurity laws, standards and regulations."
This new edition also responds to the rapid changes in the cybersecurity industry, the threat landscape and vendors. It addresses the growing risk of zero-day attacks, the growth of government-sponsored adversaries and the consolidation of cybersecurity products and services, as well as important updates to cybersecurity standards, source connections, and products.
In today's litigious business world, cybersecurity issues could get you sued. As an IT security expert, you protect your data, but do you protect your business? While you are familiar with industry standards and regulations, you may not be a legal expert. Fortunately, Tari Schreider's Cybersecurity Law, Standards and Regulations (2nd Edition) allows you to incorporate legal issues into your security curriculum in a matter of hours of reading instead of months of teaching.
Tari Schreider is a proven technologist and nationally recognized expert in cybersecurity, risk management and disaster recovery. Previously, he was Chief Security Architect at Hewlett-Packard Enterprise and National Practice Director for Security and Disaster Recovery at Sprint E|Solutions. Schreider is a lecturer at EC-Council, where he teaches advanced courses in CISO certification and risk management.
I have integrated a series of "did you know" caption boxes that highlight interesting and relevant legal cases, precedents or events that bring the information discussed to life to show you that what I am presenting actually happened. To help you retain the information in this book and improve your cyber law skills, each chapter includes ten self-paced questions. You should use this book as a virtual reference library for cybersecurity laws and as a cyber law paralegal on demand.
• Highlights companies' compliance obligations with an in-depth analysis of important U.S.
and international laws that apply to cybersecurity issues
When I think about who should read this book, my first thought was any cybersecurity expert. This book provides the tools they need to develop a solid business case on why a company should invest in cybersecurity. The book explains how laws work, including a gift bag for each section with concrete facts and real-life examples of the consequences and costs of doing nothing, so this book is a tool for the cybersecurity expert to integrate cybersecurity risks into something concrete that the board can understand.
I recommend this book to any cybersecurity enthusiast because cybersecurity laws, standards, and regulations play a crucial role in any discussion of modern security, but I also recommend this book as an indispensable reference for any technology or security author like me. Every time I flip through it and see a chart or matrix of laws, fines, regulations, or violations, I have new ideas for writing new blogs and editorials. As another author, I found the sections on GDPR, law violations, and cryptography full of useful information and will come back to them regularly to study them.
Tari Schreider, a board-certified information security practitioner with a background in criminal justice administration, has written a much-needed book that bridges the gap between cybersecurity programs and cybersecurity laws. He says, "My nearly 40 years in cybersecurity, risk management and disaster recovery have taught me immutable truths. One of these truths is that non-compliance with the law in developing a cybersecurity program leads to a protective façade or a false sense of security."
JEFF KOSSEFF is an Assistant Professor of Cybersecurity Law at the U.S. Naval Academy in Annapolis, Maryland.
He speaks and writes frequently about cybersecurity and has been a technology and political reporter at The Oregonian, a Pulitzer Prize finalist, and recipient of the George Polk Award for National Reporting.
As a former Chief Security Architect for Fortune 100 and a cybersecurity strategist and instructor, Tari leverages his years of experience in technical security program development and compliance assessment to articulate the full spectrum of cybersecurity operationalization in your organization. Whether it's supporting understanding of the fundamentals of cybersecurity law or describing the key elements of regulations and laws needed to ensure the protection of information, Tari – in the words of one cybersecurity colleague – turns "the obscure into evidence in a way that eliminates misunderstandings."
Although I am not a lawyer, I have spent nearly forty years researching, studying and applying laws and regulations to safety programs. It is these lessons learned and the retention of the most applicable legal information that I pass on to you to make your job as a chief security officer a little easier. You can't create an effective cybersecurity program without aligning yourself with cybersecurity laws, standards, and regulations.
Chapter 6 is of particular interest to the CISO because it helps the reader create a cybersecurity law program for the organization. This includes the identification of different roles and responsibilities, as well as the proposed technologies to be used in the implementation of the program. Overall, this is a useful book for the CISO library and could be extremely useful when it comes to a new scheme or regulatory concept that requires a quick understanding.
As a former CISO, I really wish I had access to this document to help me learn more about cybersecurity laws, standards and regulations.
Chapter 2: Overview of the U.S. Cybersecurity Act – With a solid understanding of the legal underpinnings, you can start reading about the U.S. Cybersecurity Act. This chapter introduces you to computer crime laws in the private and public sectors, how crimes are handled, and walks you through data breach prosecutions and how to get started. Essential lessons such as due diligence, inaction, reasonable person and customary law are also covered. You will learn about the rules of criminal and civil procedure that are applied in cases of cybercrime and data breaches. The chapter provides an overview of U.S. federal cybercrime laws and state computer crime laws. Tari Schreider also discusses the legal implications of big data, cloud, data breaches, IoT, ethical hacking, and personal digital assistants.
Numerous legal case quotes are included throughout the book, as well as practical recommendations and templates for creating a cybersecurity law program as part of your governance, risk, and compliance efforts. In addition, the latest national and international standards and their effects are discussed in detail. Cybersecurity Law, Standards and Regulations (2nd edition) is the first book on this critical topic with something for anyone dealing with cybersecurity law and its foundations.