In-House Counsel's Role in Framing Cybersecurity Strategy

The Cybersecurity Framework being developed by the National Institute of Standards and Technology (NIST) presents an opportunity for in-house counsel to play an important role in framing and strengthening an organization’s preparedness for and response to cyberattacks.

The NIST, the federal agency that works with industry to develop and apply technology, measurements and standards, is collaborating with private-sector organizations to create the framework in response to President Barack Obama’s Executive Order, “Improving Critical Infrastructure Cybersecurity.” The goal of that order, issued in February, is to fortify the cybersecurity of the nation’s critical infrastructure by increasing information sharing and jointly designing and implementing a framework of cybersecurity practices with industry.

The framework uses existing international standards, practices and procedures that have proven to be effective to provide guidance to companies on how to manage cybersecurity risks with the same priority and urgency they give to financial, safety and operational risks.

NIST posted an outline in July and published the official draft of the Cybersecurity Framework [PDF] for public comment this past October. The executive order requires the NIST to finalize the framework by Feb. 19, 2014.

While implementing the framework will be voluntary, it will be beneficial for companies to adopt it. In-house counsel will be directly involved in formulating a process that establishes disclosure and compliance guidelines to follow in the event of a breach. Corporate counsel will be integral in designing strategies that address the five fundamental cybersecurity functions defined in the framework:

Identifying threats: Developing an understanding of which business systems, assets, data and capabilities need to be protected.
Protecting against threats: Devising safeguards to ensure delivery of essential infrastructure services.
Detecting events: Applying actions to identify the occurrence of cybersecurity events.
Responding to events: Implementing responses to detected cybersecurity events.
Planning for recovery: Employing management processes to restore the capabilities that were impaired through cybersecurity breaches.

The framework also offers direction on how the private sector should create and use industry best practices to carry out the core functions and measure their current state of cybersecurity against their desired targeted state.

Corporate counsel’s vital role in the development of cybersecurity policies and practices is an extension of the GC office’s responsibilities for protecting and securing intellectual property and assessing and minimizing risks. In-house counsel can spearhead several components of the cybersecurity plan, including:

Driving universal awareness of the risks throughout the organization and maintaining vigilance against possible threats.
Streamlining and crystallizing incident response plans.
Determining the proper reaction to attacks.
Assessing potential outside threats.
Apprising the board of directors on cybersecurity risks and response plans.

DRIVE UNIVERSAL AWARENESS OF RISKS

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.

75 Ponce De Leon Ave NE Ste 101

Atlanta, GA 30308

(470) 294-1674

www.garymartinhays.com

Law Offices of Mark E. Salomone

2 Oliver St #608

Boston, MA 02109

(857) 444-6468

www.marksalomone.com

Smith & Hassler

1225 N Loop W #525

Houston, TX 77008

(713) 739-1250

www.smithandhassler.com

Presented by BigVoodoo

More From ALM

As generative artificial intelligence inspires one of the biggest transformations in generations, Practical Guidance continues to provide the latest tips to help you prepare for the rapid evolution in the way attorneys work.

Practical Guidance Journal: Protecting Work Product in a Generative AI World

Brought to you by LexisNexis®
Download Now

The recent SEC release comes with significant changes for private fund managers. Hear expert insights on what happened, what it means, and what the compliance considerations are.

Countdown to Compliance: SEC Private Fund Reforms

Brought to you by Ontra
Download Now

Find out what features make a code of conduct most effective. Hint: it’s not just the rules.

9 Ethical Code of Conduct Examples for the Business Professional

Brought to you by LRN
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Summit (GCS) 2024

August 12, 2024 - August 13, 2024
Sydney, New South Wales

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Learn More

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More