Product details


Abstract

This chapter is excerpted from 'Cybersecurity Law: Protect Yourself and Your Customers'. Information security refers to a set of strategies for managing the processes, tools, and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Infosec responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, being processed or at rest in storage 'Definition from WhatIs.com (n.d.). Retrieved from https://searchsecurity.techtarget.com/definition/information-security-infosec'. With the growth and popularization of the Internet, the Internet of Things (IoT) and e-commerce, information security has become extremely important in most organizations. The IoT refers to the connection of physical devices such as laptops, home appliances, cars, sensors and other electronics to one another through the Internet. These connected devices constantly collect information on their usage, location and user behaviors, and this information is usually sent to and stored in a database somewhere on the Internet. The result is that organizations now hold and are responsible for a larger volume of information than ever before. Organizations collect this information because it holds financial value: they can use it to create better products, run targeted marketing campaigns and much more. When holding such valuable digital assets, organizations need to ensure that they have adequate information security, for the sake of both the company and the customers whose information it holds. In some cases business partners may demand proof of your company's current information security measures before engaging in electronic commerce with you.
In addition to demands made by potential business partners, your company is also subject to federal laws, state/provincial laws and industry-specific laws. The penalties for not adhering to these laws include a number of lawsuits by customers who are affected in the event of a data breach and fines by the government or state/province. Cybersecurity law has three main components that I will be discussing. Firstly, it refers to the legislation that dictates the extent to which organizations must protect their data, in particular personally identifiable information (PII) 'Rouse, M (n.d.). What is personally identifiable information (PII)'. This refers to any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used to de-anonymize anonymous data can be considered PII; this includes things such as credit cards, home addresses, phone numbers, and so on. Secondly, there are laws regarding how a company can collect and use the information that it collects from its customers/clients. This part of cybersecurity law deals more with privacy than with security itself: it makes it illegal to do things like eavesdrop on someone's phone calls without the user's consent, or for companies to sell your information to other companies without making you aware, and so on. Thirdly, there are laws that dictate the authority that law enforcement has when interacting with companies during an investigation. It's important as a company that you know your rights so that you aren't pressured into giving up customer information and breaching their privacy and your clients' trust. This portion of the law will mostly apply to management in larger corporations. Another important aspect I will be discussing is cybersecurity liability: how to avoid being legally liable in the event of a cybersecurity breach.
The number of companies suffering from cyberattacks is increasing every year. Combine that with cases of employee misconduct and negligence leading to data leakages, and you get an increasing number of class action lawsuits being filed against corporations. Any data breach in which having their data stolen has caused someone harm is a potential lawsuit for a company; I will be discussing ways that companies can reduce the likelihood of being at fault in such a situation. There are also ways that companies can receive financial relief to help them recover after suffering a major data breach, which I will go over in later chapters. Data breaches have already affected companies like Yahoo, Sony's PlayStation Network, Adobe and Target, affecting 3 billion, 77 million, 38 million, and 110 million users respectively. With the number of cyberattacks companies face increasing every year, this number is likely to only increase, and this means the risk of lawsuits to companies whose information is stolen will continue to increase as well.
