Legal BlackBook

TM

SEPTEMBER 2018
SUBSCRIBE FOR FREE
How Soon Must You Report a Breach to the SEC?
EDITOR'S NOTE
David Hechler, Editor-in-Chief
I think of this as our CISO issue. We have two articles that feature individuals who have been chief information security officers. They explain how the CISO functions most effectively, and why it’s important to work closely with the general counsel. ​ READ
KEEPING THE
LIGHTS ON
An electric company’s 'gym' helps train corporations to defend themselves against cyberattacks.
By David Hechler
There’s a new gym in town. It’s called CyberGym, and the people who run it say that they know how to train your company’s team how to respond in case you’re attacked. Even if your company is a law firm. And lawyers, they point out, ought to have a lot of motivation to learn, since they are often saddled with the responsibility of cleaning up the mess after a breach. READ.
INTERVIEW: TOM KELLERMANN / CARBON BLACK, INC.
A CALL TO EMPOWER CISOS
And why they should be joined at the hip with the general counsel.
In recent years, the job of the chief information security officer has grown more important. The job is harder, the skills required are more extensive, but the power and resources that the CISO is given are not commensurate with the demands. CISOs would benefit from having more allies at the top—especially general counsel. READ.
THE TECHIES WHO DEFEND CYBERSECURITY’S BOTTOM LINE

A woman recounts her surprising rise to the role of CISO, and provides insight into what one needs to succeed.
By David Hechler
If there was ever a woman you’d think was going to have a hard time making her way in the field of cybersecurity, it would be Sali Osman. She was born in Sudan, where, even there, as a Nubian, she was from a minority group. She’s also Muslim and she’s black. Yet, she has no complaints. She’s held important information security jobs at companies that ranged from GE Capital to Saudi Aramco, and she has been a chief information security officer. Now that she is a frequent adviser to boards and government agencies, she has a lot to say about the role—and how companies could use their CISOs more effectively. READ.
An Invitation to our Cybersecurity Working Group
As you may have heard, CyberInsecurity and In The House are teaming up to co-chair a Cybersecurity Working Group on the second Thursday of each month. It’s a free interactive video event that begins with a brief presentation by a special guest designed to kick off a lively conversation. Sali Osman (who is featured above and has been a chief information security officer) will address the following topic: How to bridge the gap between the CISO and the legal department. She encourages you to bring your comments and questions.
     Ms. Osman will also repeat her talk before another group at 12:30, so feel free to join us at
either time. Here are the links to join the conversation:
Thursday, September 13: 10:00 a.m / 12:30PM
HOW DISINFORMATION CAN DAMAGE COMPANIES

The spotlight may be on the midterm elections, but intentionally false news can target—and devastate—a business.
By David Hechler
Russia’s disinformation campaign to influence the midterm elections has lately been much in the news. It’s a big story, but it’s part of a much larger one that hasn’t gotten sufficient attention. Disinformation is not just about Russia and politics. Or cyberattacks. Disinformation can also be a devastating weapon when it’s turned on a business. And even when the delivery method is not a cyberattack, there may be important lessons to learn about the fragility of information security. READ.