Entries by Information Analyst

From Niche to Universal: The Broadened Application of NIST Cybersecurity Framework 2.0

Insights

ALM
July 2, 2024

By Daniel B. Garrie, Esq., Yoav Griver

The National Institute of Standards and Technology (NIST) Cybersecurity Framework was created to provide a structured approach to managing cybersecurity risks and improving overall security measures. It serves as a guide for organizations to identify, protect, detect, respond to, and recover from cyberthreats effectively. NIST recently unveiled the much-anticipated version 2.0 of its landmark Cybersecurity Framework. This update, as detailed in NIST’s announcement, is designed to be more inclusive, extending its applicability across all sectors and industries, thereby reinforcing the importance of cybersecurity in the modern digital age. The expansion and refinement of the framework underscore the growing recognition of cybersecurity as a critical component of organizational integrity, regardless of the industry. This article explores the implications of the NIST Cybersecurity Framework 2.0 for organizations and elucidates why third-party cyber audits are instrumental in ensuring compliance and enhancing cybersecurity posture.

Understanding NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework 2.0 is designed to be universally applicable, extending its reach beyond critical infrastructure sectors to encompass all industries. This inclusive approach is a response to the universal challenge of cybersecurity threats, which do not discriminate by sector. The framework’s expanded applicability means that organizations across various sectors, including those not traditionally considered part of critical infrastructure, such as education and retail, are now encouraged to adopt its guidelines to bolster their cybersecurity defenses. Moreover, the framework has been updated to offer enhanced flexibility, allowing organizations to tailor their cybersecurity strategies more effectively to their specific needs, risks, and contexts. This adaptability is crucial in a landscape where cyberthreats are constantly evolving and one-size-fits-all solutions are often inadequate.

To read the full article, go to ALM

Weathering the Storm: Insights on the SolarWinds Wells Notice

Webinar

About This Webinar

The SolarWinds breach has represented a landmark event in its scope and technical complexity, as well as in the ensuing impact it has had on regulatory oversight and executive liability. This major cybersecurity event, which affected both private corporations and government agencies, has been followed by the signing of Executive Order 14028 and the adoption of the new SEC ‘Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.’ The attack is also serving to highlight the increasing potential for executive liability in cybersecurity incidents. Indeed, a Wells Notice received by current and former executives of SolarWinds in June 2023 was the first instance of a CISO being directly named. As this latest event continues to shape the way organizations understand and address cyber risk management, join our panel of industry leaders for a dynamic conversation at the intersection of cybersecurity and the law. This seminar will serve as a useful resource for lawyers aiming to understand the consequences of these developments and gain insight into crafting strategies to mitigate risks.

What You Will Learn
In this seminar, our panel of industry leaders begins by reviewing the SolarWinds attack to highlight key facts, the technical complexity of the attack method, and the breadth of affected parties. Our speakers then review the response to the breach and focus on the SEC’s June 2023 Wells Notice to highlight its potential implications for executive liability. The panel concludes the discussion by highlighting best practices to safeguard organizations and avoid the pitfalls of digital threats.

Topics covered in this webinar:

  1. The SolarWinds Cyber Attack
  2. Regulatory Response
  3. Wells Notice
  4. Looking Ahead and Best Practices

Speakers:

  • Daniel B. Garrie, Esq.
    • Founder, Law & Forensics
    • Neutral, JAMS
    • Faculty, Harvard University
  • Rick Borden
    • Partner, Frankfurt Kurnit
  • Craig Martin
    • Partner, Investigations + White Collar Defense Practice Group Co-Chair, Morrison Foerster
  • Lana Yang
    • Senior Counsel and Senior Manager of Information Governance, Security, and Privacy, Mitsubishi Corporation (Americas)

Attending the webinar

If you would like to attend the program, please click this link and add the program to your “Cart.” Please note you may need to click the link twice to reach the webinar’s page.

Data Defender: Insights on the FTC, Privacy, and Data Surveillance

Webinar

About This Webinar

In a world where data breaches are becoming alarmingly common, understanding the cybersecurity regulatory landscape is not just beneficial, but vital to corporate risk management. Experience the fascinating intersection of law and technology in “Insights on the FTC, Privacy, and Data Surveillance,” a course that illuminates the intricacies of developing regulatory data privacy and security oversight. This seminar will help strengthen your command over the relevant FTC regulations, data privacy, and surveillance, solidifying your stand in the dynamically evolving cyber legal sphere.

What You Will Learn

Our panel of legal and technical experts begins the program by providing an overview of the FTC and its enforcement authority, followed by a discussion of the GLBA Safeguarding Rule and the FTC’s role in enforcing it. The speakers then discuss the FTC Rulemaking Process, highlighting through their diverse perspectives and experiences key considerations. Finally, our panelists discuss the Trade Regulation Rule on Commercial Surveillance and Data Security ANPR currently in process and conclude with a discussion of important recent cases that have helped shape the FTC’s rulemaking authority.

Topics covered in this webinar:

  1. The Federal Trade Commission: Overview
  2. The FTC and the GLBA Safeguarding Rule
  3. FTC Rulemaking Process
  4. Trade Regulation Rule on Commercial Surveillance and Data Security ANPR
  5. Recent Cases

Speakers:

  • Daniel B. Garrie, Esq.
    • Founder, Law & Forensics
    • Neutral, JAMS
    • Faculty, Harvard University
  • Aaron Tantleff
    • Partner, Foley & Lardner LLP
  • Tarique Collins
    • Chief Legal Officer, Click Therapeutics, Inc.
  • Tammy Klotz
    • Cybersecurity & IT Executive
  • Stewart Baker
    • Of Counsel, Steptoe & Johnson LLP

Attending the webinar

If you would like to attend the program, please click this link and add the program to your “Cart.” Please note you may need to click the link twice to reach the webinar’s page.

Software Patent Puzzle: Legal Protections in the Digital Age

Webinar

About This Webinar

The digital era commands an understanding of software patents. They shape competitive landscapes, attract investment, offer defensive legal strategy, and respond to shifting legal norms. This seminar is aimed at providing a comprehensive understanding of software patents. By examining the specifics of software and patents, insights from SCOTUS on the “Physicality” of software, challenges in litigating software patents, software patent infringement, and future technology developments, this seminar offers a solid foundation and practical tools for legal professionals navigating the complexities of software patent law.

What You Will Learn

Participants will gain insights into the unique aspects of software patentability, including software “Physicality” and its implications as outlined by SCOTUS. The seminar will discuss common litigation challenges associated with software patents, delve into infringement issues, and offer a perspective on emerging technologies, such as AI, and their impact on patent law.

Who Should Take This Seminar

This seminar is intended for practicing attorneys, legal professionals in training, and patent agents who deal with, or are interested in, software patents. If your work involves managing intellectual property rights, specifically in the software industry, or you are involved in developing legal strategy for software-related matters, this seminar offers practical insights and tools to enhance your practice.

Topics covered in this webinar:

  1. Overview of Software and Patents
  2. Patentability of Software “Physicality”: Insights from SCOTUS
  3. Challenges of Litigating Software Patents
  4. Infringement and Software Patent Litigation
  5. Looking Ahead and Technology Developments

Speakers:

  • Daniel B. Garrie, Esq.
    • Founder, Law & Forensics
    • Neutral, JAMS
    • Faculty, Harvard University
  • Hon. James Ware
    • Neutral, JAMS

Attending the webinar

If you would like to attend the program, please click this link and add the program to your “Cart.” Please note you may need to click the link twice to reach the webinar’s page.

Lessons for CISOs from the SolarWinds Breach and SEC Enforcement

Insights

ALM
May 2024

By Daniel B. Garrie, Esq., David Cass, and Jennifer Deutsch

In an era where digital threats loom large, the responsibilities of Chief Information Security Officers (CISOs) have expanded beyond traditional IT security to encompass a broader governance, risk management, and compliance role. The infamous SolarWinds Corp. attack, which compromised numerous public and private organizations globally, illustrates the complex cybersecurity landscape CISOs navigate. The subsequent legal and regulatory responses, including a complaint by the U.S. Securities and Exchange Commission (SEC), underscore the critical role of CISOs in not only safeguarding digital assets but also ensuring compliance with evolving cybersecurity disclosure requirements. This article examines the SolarWinds incident and the SEC’s actions to derive essential governance lessons for CISOs.

In 2020, SolarWinds disclosed that it had been subject to a cyberattack, commonly referred to as “SUNBURST.” SUNBURST is believed to have been conducted by Russian state-sponsored hackers and affected over 18,000 customers, including government agencies and Fortune 500 companies.[i] Attackers compromised the infrastructure of SolarWinds, a leading provider of IT management software, to distribute malicious updates to the company’s Orion software.

In response to the breach, on October 30, 2023, the SEC sued SolarWinds and its CISO, Timothy G. Brown, in connection with the SEC Division of Enforcement’s investigation of the cyberattack.[ii] The SEC alleges that from October 2018, when SolarWinds went public, to January 2021, SolarWinds and Brown “defrauded SolarWinds” investors by overstating SolarWinds’ cybersecurity practices and understating or failing to disclose known risks.[iii] In its filings with the SEC, SolarWinds allegedly misled investors by disclosing only generic and hypothetical risks at a time when SolarWinds and Brown knew of specific deficiencies in SolarWinds’ cybersecurity practices as well as the increasingly elevated risks the company faced at the same time.[iv] Recently, the SEC filed an amended complaint that lays out the same claims it made against the company last fall, only in greater detail.[v]

To read the full article, go to ALM

Using AI to Predict Outcomes in Class Action Litigation

Insights

ALM
May 3, 2024

By Daniel B. Garrie, Esq. and Michael Mann

In evaluating whether to take on a potential class action case, attorneys have to consider many things. How many other people have been harmed in the same way as the prospective plaintiff? How likely is it that their claims will succeed? How likely is it to get class certification? Have other lawsuits asserting the same claims already been filed? It can be a challenging analysis to undertake even before getting involved in the actual case. The development of legal artificial intelligence (AI) tools in recent years is starting to have an impact on this type of analysis for class actions. This article explores how using AI can impact class action lawsuits and change the legal landscape.

But first, what does AI mean in this context? The term AI within the legal technology field refers, at a basic level, to software designed to perform fairly routine language-related tasks, such as reading court rulings, very quickly over a large data set. It generally involves machine learning, which enables the software to improve its performance according to human direction and feedback. Legal AI tools use natural language processing (NLP) software that can understand written or spoken commands, enabling lawyers to easily give direction and feedback to the AI without needing to use computer programming.

One use of AI in the legal field is to predict court rulings on potential litigation issues. AI tools can analyze extremely large volumes of court rulings to determine the decisions reached by the judge in relation to the facts of each case. This analysis can be used to identify trends in fact patterns corresponding with favorable or unfavorable rulings as well as other types of trends such as those pertaining to jurisdiction, specific judges, specific types of plaintiffs, specific defendants, etc.

To read the full article, go to ALM

Navigating personal liability: post data-breach recommendations for CISOs

Insights

CSO Online
April 29, 2024

By Daniel B. Garrie, Esq. and Richard A. Kramer

CISOs can avoid being liable for data breaches by following legal advice, communicating effectively with internal and external stakeholders, and demonstrating commitment to avoid future incidents.

The key to minimizing personal liability for CSOs and CISOs after a data breach is to act responsibly and reasonably. The current state of the law is that those involved in an organization that is threatened or affected by a data breach are expected to react reasonably under the circumstances. To meet this standard, one should engage and follow legal advice, communicate effectively, and demonstrate a commitment to addressing the breach and preventing future incidents. By following these recommendations, CSOs and CISOs can navigate the challenging terrain of a data breach while minimizing their own risk of personal liability.

A data breach can have significant financial, reputational, legal, and emotional implications for an organization, its personnel, clients, and a wide range of others. When a data breach occurs, affected persons become concerned with what may have happened and how it could negatively impact them. Not only is there a real threat to their financial well-being, but there is also a perceived disquieting attack on personal privacy. And beyond those reactions, government regulators as well as politicians often spring into action for a wide range of purposes.

For chief security officers (CSOs) and chief information security officers (CISOs), a breach presents unique challenges, including potential personal liability. While it is rare, personal liability for CSOs and CISOs is not entirely out of the question. In cases where it can be demonstrated that the CSO or CISO acted negligently or failed in their duties, they could potentially be held personally liable. This could result in financial penalties, disqualification from holding director or officer positions, and, in extreme cases, criminal charges.

To read the full article, go to CSO Online

Arbitration as an Effective Mechanism for Resolving Asset Purchase Agreement Disputes

Insights

Daily Journal
April 19, 2024

By Daniel B. Garrie, Esq.

In the realm of commercial transactions, asset purchase agreements (APAs) are a cornerstone, facilitating the transfer of assets from one entity to another. These agreements, while meticulously crafted, are not immune to disputes. Arbitration has emerged as a pragmatic and efficient method for resolving such disagreements, ensuring a harmonious transition of assets while preserving the business relationship between the parties involved.

Understanding Asset Purchase Agreements

An asset purchase agreement is a legal document outlining the terms and conditions pertaining to the purchase and sale of a company’s assets. These assets may include tangible properties like machinery, inventory, and real estate, or intangible assets such as intellectual property, customer lists, and goodwill. APAs are preferred over stock purchase agreements when buyers wish to acquire specific assets and avoid inherent liabilities.

APAs are structured to include the identification of assets, the purchase price, representations and warranties, covenants, conditions to closing, indemnifications, and dispute resolution mechanisms. The precise nature of these agreements is essential to both parties, as it governs the transfer of assets and helps in mitigating risks associated with the transaction.

Potential Disputes in Asset Purchase Agreements

Despite the comprehensive nature of APAs, disputes are not uncommon. These disputes can arise from various aspects of the agreement. Often, disagreements occur when the seller is alleged to have misrepresented the condition, value, or attributes of the assets being sold. Disputes over the valuation of assets, especially intangibles, are also common. Other typical disputes include allegations of non-compliance with an agreement’s terms or issues arising from post-closing adjustments, which are adjustments made to the purchase price based on the actual asset valuation. APA disputes often raise highly fact-specific issues that are deeply rooted in the standards and norms of the relevant industry. For this reason, it can be difficult for a trier of fact without industry-specific knowledge to accurately assess the issues at play in an APA dispute.

To read the full article, go to Daily Journal

Canadian Legal and Legislative Update conference

Events

In Person Event

Canadian Legal and Legislative Update

When: May 15th – 16th, 2024

Format: In-Person

Will your pension and benefit strategies weather the tides of the legal and legislative issues impacting your organization?

Stay up to date on the latest legal and regulatory updates impacting your plans by attending the Canadian Legal and Legislative Update. This conference is relevant for trustees, plan sponsors, public employees and service providers. You will not want to miss the conference providing the latest updates on need-to-know information that will help your organization sail smoothly throughout the upcoming year.

Benefits of Attending

  1. Focus on the critical information you need to know now with fresh and relevant topics.
  2. Gain a deeper understanding of the issues affecting the pensions and benefits industry and their impact on your funds.
  3. Take advantage of opportunities to network with your peers.

Who Should Attend

This program is especially designed for labour and management trustees, public service trustees, professional advisors and corporate plan sponsors.

Preconference Option

We invite you to join us for this year’s preconference session, “Board Succession Planning.” Join us before the start of the Canadian Legal and Legislative Update on Tuesday, May 14th from 1-5 p.m. to equip yourself with strategic insights and tools necessary to ensure a smooth transition of leadership within your organization.

Speakers:

Daniel Garrie
Law & Forensics

Don’t Gamble on Vendors: Legal Strategies for Third-Party Cyber Risk Mitigation

Webinar

About This Webinar

It is hard for businesses these days to avoid utilizing third-party vendors. They are a necessary component of any organization’s operations. Vendors are an efficient method of outsourcing services that would be too expensive or specialized for the business to carry out itself. Third-party vendors, however, also bring with them a slew of risks to the data that they store and process for their services. And just because they are third parties does not make them any less susceptible to data breaches. In fact, vendors can be the weakest link in protecting sensitive data, because they are often less technologically advanced, have fewer incentives to protect client data, and businesses have limited visibility to ensure they meet their security standards. It is the responsibility of organizations to be proactive in setting the standards for the operations of their third-party vendors in order to preserve their reputation. This seminar will provide key insights for attorneys looking to understand the vulnerabilities associated with third-party vendors and how to assist their clients in staying ahead of the threat.

In this seminar, our expert panelists begin by introducing the cybersecurity landscape and the risks that many companies face when it comes to combatting data breaches. They underscore the threat third-party vendors can pose to the data they collect and process. Our panelists then go on to outline the various steps organizations can take to better protect their data when it goes into the hands of vendors. They emphasize the importance of managing the vendors and regularly conducting risk assessments. The panelists conclude by reviewing the current legal landscape and discussing a recent case that involved a vendor data breach to better understand how to implement best practices.

Topics covered in this webinar:

  1. Why Vendors Create a Unique Cybersecurity Threat
  2. Key Policies and Practices That Can Help Reduce Vendor Risk
  3. The Evolving Regulatory Landscape and Case Study

Speakers:

  • Daniel B. Garrie, Esq.
    • Founder, Law & Forensics
    • Neutral, JAMS
    • Faculty, Harvard University
  • Rolan Cloutier
    • Principal, The Business Protection Group
  • Judith Selby
    • Partner, Kennedys

Attending the webinar

If you would like to attend the program, please click this link and add the program to your “Cart.” Please note you may need to click the link twice to reach the webinar’s page.