Register | Login
Intellectual Property Today
RFC Express - Document Management System

Cybersecurity Economics: ''How Much Security is Enough?''



By Kelce S. Wilson, PhD, MBA, JD and Jeff Hughes

Mr. Hughes may be reached at: jeff.hughes@tenet3.com

It may be inevitable that your firm or one of your clients suffers a serious data breach - despite efforts to remain current with the latest protection systems. When that happens, will you have a convincing argument, based on objective and technically sound criteria, that you or your client had expended reasonable efforts to maintain data security? Or, will accusations of negligence be more convincing and set the tone for post-incident sanctions and penalties?

You canít provide a convincing defense if you had no basis for defining what a reasonable level of effort should have been prior to the incident. So ask your clients and inquire around your firm, have your panic attack when you find a dearth of objective criteria, and then read on to find a solution.

Law firms, just as public and other private sector organizations, struggle to determine what cyber security investments are appropriate and beneficial in protecting the critical parts of their business operations. Managers of large information technology (IT) systems make policy and technology choices on a regular basis that impact both their usersí experience and their systemís confidentiality, integrity, and availability. Lacking empirical data, these choices are often made using mere (allegedly) expert opinion. Dependencies and competing interests from proc...

To view the complete article you must be logged in
Login Now

Not A Member Yet? Sign Up For A Free 10 Day Trial Account!


  © Copyright 2014 Intellectual Property Today
Download Adobe Reader for free