Michael A. Gold, co-chair of JMBM’s Cybersecurity & Privacy Group, will host a panel of industry leading experts for the webinar, The Right Stuff: Validating Reasonable Information Security
Date: Thursday, June 18, 2020
Time: 10 AM – 11:15 AM PDT; 1 PM – 1:15 PM EDT
Most organizations have never had to prove that they have reasonable information security. Business and legal pressures are changing this dramatically. The California Consumer Privacy Act exposes businesses that have been breached to serious financial liability when they do not have reasonable information security. With data breaches increasing in scope and damage regardless of the money spent on cybersecurity, businesses will need to validate – in effect prove – that they have reasonable information security in order to avoid financial, legal and reputational harm.
During this webinar, our panel of experts cover:
The meaning of reasonable information security: What is it? Why the established information security frameworks, such as NIST, ISO and CISO, do not deliver reasonable information security; Why dynamic assessment of an organization’s information security posture is crucial; The impact of overlooked vulnerabilities in cloud and IoT environments.
The legal requirement for validating reasonable information security: The far-reaching impact of the California Consumer Privacy Act’s requirement for reasonable information security practices and procedures; Why the law is a precursor to similar requirements likely to be adopted by other states and the federal government; legal exposures arising from inability to validate reasonable information security.
The business and insurance imperatives for validating reasonable information security: Cyber insurance carriers will no longer take at face value an insured’s representations about its information security posture; Larger enterprises will decline to do business with companies that cannot validate the effectiveness of their information security measures; Regulated companies will no longer be permitted to self-certify their compliance with information security and privacy requirements. Continue reading