Sign up to save your podcasts
Or
Share Legal Protection for CISOs
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Legal Protection for CISOs
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/)
What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk?
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Evan Wolff, partner at Crowell & Moring.
Thank to our episode sponsor, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you're going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
On this episode of Defense in Depth, you'll learn:
- We repeatedly joke about Davi Ottenheimer's comment that the CISO has held the moniker of "designated felon" in American risk mitigation.
- Big piece of advice that was repeated throughout the episode is to have an employment contract.
- In the employment contract you want an exit strategy that allows you to leave if you think a situation is not tenable or the company is asking you to do something that you believe to be unethical. It gives you an opportunity to leave without any blame assigned.
- The cc field is your friend. If you don't want to be seen as the only one "in the know" take advantage of making sure key people are also in the loop.
- We heard one unbelievable story of an employment contract where it was clear that the CISO would be the "designated felon" should there be any breach. This was put in place to protect the executive team. The contract offered financial security for two years post breach. We all agreed this was insane and had never heard of anything like that before.
- Be wary of being forced to take on personal ownership of security issues. A CISO is responsible, not accountable.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/)
What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk?
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Evan Wolff, partner at Crowell & Moring.
Thank to our episode sponsor, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you're going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
On this episode of Defense in Depth, you'll learn:
- We repeatedly joke about Davi Ottenheimer's comment that the CISO has held the moniker of "designated felon" in American risk mitigation.
- Big piece of advice that was repeated throughout the episode is to have an employment contract.
- In the employment contract you want an exit strategy that allows you to leave if you think a situation is not tenable or the company is asking you to do something that you believe to be unethical. It gives you an opportunity to leave without any blame assigned.
- The cc field is your friend. If you don't want to be seen as the only one "in the know" take advantage of making sure key people are also in the loop.
- We heard one unbelievable story of an employment contract where it was clear that the CISO would be the "designated felon" should there be any breach. This was put in place to protect the executive team. The contract offered financial security for two years post breach. We all agreed this was insane and had never heard of anything like that before.
- Be wary of being forced to take on personal ownership of security issues. A CISO is responsible, not accountable.
More shows like Defense in Depth
View all
Hacked
187 Listeners
Security Now (Audio)
2,008 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,021 Listeners
Smashing Security
319 Listeners
Click Here
415 Listeners
Darknet Diaries
8,061 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
188 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
168 Listeners