The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to support, translate for and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their companies from cyber-related risk.

Blog Entries


 

Is It Awareness Or Indifference?


Everyone is trying to figure out what it will take to have corporations take cyber attacks seriously, and many believe the problem is a failure to get the proper cyber risk information to the Board of Directors (BoD). After all, it is the job of the BoD to protect the company against all types of risk. However, cyber risk (and privacy) has always been this fuzzy thing, talked about in technical terms and never really given the time or effort needed to understand what it means or how it may affect the company. Fifteen minutes at the board meeting with the CIO and CISO, and that’s it.

However, I have been hearing about the need for BoD engagement for at least 10 years, so how much time must go by before BoDs actually take the time to understand cyber and privacy risk? Supposedly, individuals who are lucky enough to serve as Directors are some of the best and brightest in the country, so it is not a matter of intelligence. Or is it indifference?

I know I am being a bit harsh and tough, but really, how long will the “it’s too hard” excuse last? BoDs owe it to themselves to bring in the subject matter experts necessary to get and keep them educated. Because as the headlines show, cyber security and privacy risk are not going away.