Chapter 1 identifies relevant legal issues connected with cyber security and corporate liability planning and the significant role of corporate counsel in developing legal strategies to manage cyber security risks and liabilities. Given the open and unsecured nature of computer and information technologies and the immense pressures to deliver services and products to market, there is no possible way that corporate managers can fully secure all assets or completely eliminate liability.
Chapter 4 addresses challenges for counsel, corporate considerations, and builds a foundation for exploring appropriate structures and frameworks to manage legal risks in the Information Age. Cyber security and corporate liability requires companies to piece together philosophies on solid and well-positioned corporate governance frameworks. As with discussions on liability and board of director responsibilities, this chapter focuses on the specific framework that counsel must outline, support, stitch together, and implement to manage complex cyber risks in a legal environment.
Chapter 7 focuses on commercial challenges facing counsel in the context of criminal liability for cyber security and corporate liability planning. In this light, counsel's preparations should include a thorough due diligence review of relevant criminal laws. This assessment may require a careful analysis of laws covering cyber intrusions, computer-related espionage and trade secret theft, and other federal and state laws impacting corporate cyber activity.
Chapter 8 reviews the legal and policy foundation for two significant federal government security challenges: 1) Homeland Security, National Security, Intelligence and Critical Infrastructure Protection; and 2) and Electronic Government.
Chapter 2 looks at general liability. Given the realities of the cyber world, traditional risk management tools are not generally constituted to prevent or mitigate damages. This chapter discusses new risk management processes corporate counsel may need to consider, focusing on the relationships between traditional principals of due diligence and corporate responsibility with the management of cyber-security risks in the second decade of the 21st century.
Chapter 3 looks at emerging liability issues and areas of legal concern that counsel might identify and find ways to overcome as they manage the complex risks that can lead to harm for their clients.
Chapter 5 focuses on comprehensive and enterprise-wide programs and policies for responding to cyber security and corporate liability incidents and outages with suggestions that counsel should require and monitor the development and implementation of response and mitigation practices for an array of activities.
Chapter 6 discusses steps counsel should incorporate in their cyber security and corporate liability principles in the development, maintenance, and review of the enterprise's insurance program.
The forms and source materials included in this Monograph, as well as the other resources discussed and referred to, provide corporate counsel with a wide range of materials relating to cyber security and corporate liability. All of these forms and resources were produced by professionals in a variety of industries, such as insurance and financial services; in some cases, legislative materials and forms from government and law enforcement provide a different perspective. Overall, the resources and documents discussed, reproduced and/or referenced, offer counsel the types of guidance and insights necessary to understand the many aspects of cyber security and corporate liability.
Also available as part of the complete 38-volume set entitled Business Law Monographs.
Table of Contents
Division I TEXT
CHAPTER 1 Introduction to Developing Legal Strategies to Manage Cyber Security Risks and Liabilities.
CHAPTER 2 Liability
CHAPTER 3 Emerging Liability Issues
CHAPTER 4 Developing a Security Program.
CHAPTER 5 Response and Mitigation
CHAPTER 6 Prevention
CHAPTER 7 Law Enforcement
CHAPTER 8 Federal Government: Homeland Security, Critical Infrastructure Protection, & Electronic Government
Division II FORMS
Form 1 Sample Internet Insurance Policy
Form C10-2 OCC Bulletin -- Technology Risk Management: PC Banking
Form C10-3 OCC Bulletin -- Infrastructure Threats: Intrusion Risks
Form C10-4 OCC Bulletin -- Electronic Banking
Form C10-5 The Financial Services Information Sharing & Analysis Center
Form C10-6 National Infrastructure Protection Center Cyber Threat and Computer Intrusion Incident Reporting Guidelines
Form C10-7 Ethical Hacking Best Practices by Ken Brandt
Form C10-8 Office of Thrift Supervision, Department of the Treasury, New Suspicious Activity Form
Form C10-9 Office of Thrift Supervision, Department of the Treasury, Privacy Preparedness Check-up
Form C10-10 Office of Thrift Supervision, Department of the Treasury, Risk Management of Technology Outsourcing
Form C10-11 CEO Guide to Security Challenges
Division III SOURCE MATERIALS
Item C10-1 Executive Order 13228: Establishing the Office of Homeland Security and the Homeland Security Council
Item C10-2 Executive Order 13231: Critical Infrastructure Protection in the Information Age