The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime, a seasoned corporate executive who built and operated information security teams, and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their companies from cyber-related risk.

Blog Entries


Law Firm Moving Into Data Incident Response With RADAR

See Article Here

Happy New Year, everyone! Can I still say that? I have been trying to decide how I will continue my blog posts; daily has proven a bit challenging as things start to pick up, but I don’t want to disappoint my consistent readers. We will figure it out together!

In reading the attached article, I sort of got confused about what it was talking about. The headline says “Dentons Enlists RADAR for Firmwide Data Breach Assessment,” and I thought it was interesting, so I began to read it. In it, key buzzwords are used, like data incident response and assessment, evaluating possible data breach liability, compliance, data security, automatic procedures if a data breach occurred, etc.

So the article has all the key words, but what struck me was how they put the topics together, when essentially RADAR is a tool that helps an organization determine if there are data breach notification laws they have to comply with when a breach has occurred. A company goes in and fills out a form about what occurred, and the tool tells it what notification responsibilities it has based on those facts. Now don't get me wrong, knowing who and where to report your breach to is very important, and a tool like RADAR can be very important to your incident response strategy. I guess, having grown up in security operations and incident response, the mixing of terminology bothers me. Sure, you can describe data breach notification as “data incident response and assessment,” but does that help or hinder the clarity for the industry?

Legal technology, or legal tech, is now its own industry, and vendors are popping up to sell privacy-related tools. So now we have IT security, information/cyber security, compliance, and privacy tools and vendors. Wow, that's a lot for anyone to understand, let alone put together cohesively or secure effectively!

Happy New Year!