The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Ohio is innovating in Cyber Security!

See Article Here

I never thought I would say those words, especially about my home state of Ohio! But a recently passed bill in Ohio will allow companies, that have implemented a recognized security framework, an affirmative defense in tort law against a plaintiff arguing that the company failed to implement reasonable security controls. They are calling it a "safe harbor" of sorts, 

It says that if a "covered entity," defined as "businesses that access, maintain, communicate or process personally identifiable information (PII) in one or more system or network in Ohio," "reasonable conforms" to a current framework like NIST, GLBA, FISMA, HI-TECH or PCI-DSS they have an "affirmative defense" meaning they are presumed to be acting reasonably.

It is not perfect, the company still has to prove they are actually following the framework, in a reasonable way, but it is a novel and decent attempt to get SMB's interested in doing something about cyber security. Bravo OHIO!