Information security has now moved beyond compliance and IT due diligence and into the direct concern of top corporate executives and their legal teams. Boards of directors, CEOs, and others are more in tune with the gaps in their organizations’ information security programs than ever before and are looking for ways to mitigate the risk these gaps create.
Insurers have come to the table with a new product to try to fill the market need: cybersecurity insurance. These policies are drafted to cover losses associated with cybersecurity incidents, including forensic costs and legal fees.
While cybersecurity insurance sounds great at a high level, are businesses truly aware of whether these policies provide actual benefit? Do organizations understand how cybersecurity insurance interacts, or fails to interact, with contractual obligations pushed down from their customers? Should businesses be focusing more on proactive security safeguards to avoid an incident and less on reactive solutions designed to save cost?
Mark Stanislav and Nick Merker merge the worlds of information security and law to give a direct analysis of what businesses are getting right and wrong when it comes to security programs and how they can be more prepared to succeed, with or without insurance policies on hand. Drawing on his experience helping build security programs for organizations, Mark offers his perspective on often overlooked or underutilized defensive techniques that can provide true security value for less than a cybersecurity insurance deductible, and explores how his customers deal with the subject of cybersecurity insurance. Nick then speaks to the legal technicalities of cybersecurity insurance, sharing what businesses should know, the pros and cons of these types of policies, and some public stories of coverage successes and failures.
Come join Mark and Nick as they dive into the nascent world of cybersecurity insurance, relating stories of success and failure and providing guidance to strengthen organizations, with the goal of making insurance policies your last line of defense.
Mark Stanislav is the Director of Application Security for Duo Security. Mark has spoken internationally at over 100 events, including RSA, DEF CON, SOURCE Boston, Codegate, SecTor, and THOTCON. Mark’s security research and initiatives have been featured by news outlets such as the Wall Street Journal, the Associated Press, CNET, Good Morning America, and Forbes. Mark is the cofounder of the Internet of Things security research initiative BuildItSecure.ly. He is also the author of Two-Factor Authentication. Mark holds a BS in networking and IT administration and an MS in technology studies focused on information assurance, both from Eastern Michigan University. During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an adjunct lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.
Nick Merker is a partner and cochair of Ice Miller’s Data Security and Privacy practice. With almost a decade of hands-on, prelegal computer systems, network, and security experience in the public and private sector, Nick bridges the gap between information technology and the law. Privacy law and technology are both constantly changing; Nick assists clients by analyzing laws against emerging technology and preparing clients to address regulatory and contractual audits, customer expectations, and assessment of risk. Nick also strives to educate others on trending privacy issues. He is a member of the faculty at the International Association of Privacy Professionals, where he leads privacy training across the globe to executives, engineers, lawyers, and managers. Nick teaches a Data Security and Privacy Law course at the Robert H. McKinney School of Law at Indiana University and is a frequent author and speaker on privacy issues at conferences and in multiple publications. Nick holds CISSP and CIPT certifications.
©2016, O'Reilly Media, Inc.