The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP, CIPP/US is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Government Contract? New Contract Language.

See Article Here

The Pentagon is changing it’s contractual requirements for cyber security. Essentially, they are bolstering their contractual language on the requirements for companies that do business with the government. This is where their 3rd Party (4th & 5th party) cyber security and privacy program comes into play. We have all seen the self-certification process where a contractor promises to do everything you require of them in order to win the contract. However, the only real way it is tested is when the breach happens. Then the owner of the data, in this situation, the government, has to own the breach because it is their data.

As an attorney, the contractual language is very important to me from a financial responsibility perspective. As a cyber security professional I understand you can’t absolve yourself of the responsibility of protecting the data your clients give to you with contractual language.

Your 3rd Party program must be more than a check the box exercise, it needs to fall within the purview of your risk management program. By risk ranking your vendors (partners) and working with them, you can not only help them understand where they stand, they can also focus and deliver the right level of data security requirements. If you build the relationship and develop a trusted partner that meets (or exceeds) your expectations you not only meet your goals but also your customer expectations.