Resources

Other Resources

Domestic 

Permanent Sites

Center for Internet Security (CIS) Controls

Cyber Threat Alliance

Data Law Insights Blog
Crowell Moring
Legal Insights on Navigating Privacy, Data Protection, Cybersecurity, Information Governance and E-Discovery

Legal Cloud Computing Association Security Standards

MANDIANT Intelligence Center Reports

National Conference of State Legislatures Task Force on Cybersecurity

Okta Inc.: Checklist: 12 Key Steps for Protection Against Data Breaches

Understanding Cybersecurity Threats in Law Practice
Special Counsel

2020

Top Cybersecurity Resources for Students and Professionals (Purdue University Global)

2020 Data Breach Investigations Report (Verizon)

2020 Experian Data Breach Industry Forecast 

2019

How Much Privacy Do You Have Online? (University of Dayton School of Law)

2019 Data Breach Investigations Report (Verizon)

Resources for Measuring Cybersecurity: A Partial Annotated Bibliography (R Street Institute)

Cyber Risk Assessment (Coalition)

How to Put Together a Knockout Data Security Plan (ColoCrossing)

2019 Experian Data Breach Industry Forecast

Cybersecurity Best Practices for Legal Professionals (Aimee O'Driscoll, Comparitech)

2018

Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War MITRE

The National Academies of Sciences, Engineering and Medicine Released New Report
NAS released an important and timely report on "Decrypting the Encyrption Debate: A Framework for Decision Makers."

Aliens Invade New Mexico: Higher Education and Cybersecurity at a Crossroads
David M. Furr
Gray, Layton, Kersh, Solomon, Furr & Smith

2017

66 Ways to Protect Your Privacy Right Now
Consumer Reports

Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information
Association of Corporate Counsel

Internet Security Threat Report (ISTR) April 2017
Symantec

Avoiding the Bullseye: Cybersecurity Lessons from the Target Litigation
David M. Furr
Gray, Layton, Kersh, Solomon, Furr & Smith

Legal Bulletin: Internet Scams Targeting Attorneys
USI Affinity 

Phishing in Troubled Waters: Confronting Cyber Espionage Across the Pacific and Strait of Taiwan
Center for a New American Security

From Awareness to Action: A Cybersecurity Agenda for the 45th President
Center for Strategic & International Studies

2016

Cyber-Risk Oversight Director's Handbook 2016
National Association of Corporate Directors

Into the Gray Zone: The Private Sector and Active Defense against Cyber Threats
The George Washington University: Center for Cyber & Homeland Security

2016 Cyber Insurance Buying Guide
Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security, American Bankers Association

2015

"What Will You Do When Your Law Firm Is Breached?"
by Sharon D. Nelson & John W. Simek, Law Practice Magazine

Survey of the Law of Cyberspace: An Introduction
John A. Rothchild 
The Business Lawyer, Winter 2015-2016

Job Market Intelligence: Cybersecurity Jobs
Burning Glass, 2015

2013

The Report of the Commission on the Theft of American Intellectual Property The National Bureau of Asian Research

Internet Security Threat Report (2013) Appendix and Supplemental Data
Symantec

Adequate Attribution: A Framework for Developing a National Policy for Private Sector Use of Active Defense
Shane McGee, Randy V. Sabett and Anand Shah
Journal of Business & Technology Law

Active Defense Resources
Louisa K. Marion
Crowell & Moring LLP

Reconsidering Deterrence in Cyberspace
James Andrew Lewis
CSIS

Low-level cyberattacks are common but truly damaging ones are rare
James Andrew Lewis
Washington Post

Creating the Demand Curve for Cybersecurity
Melissa Hathaway

Falling Prey to Cybercrime: Implications for Business and the Economy
Melissa Hathaway

A "Drone Court": some pros and cons
Center on National Security, Fordham Law School - Speech by Jeh Johnson, March 18, 2013

Calling General Counsel to the Front Lines of Cybersecurity
Corporate Counsel by Sue Reisinger, February 2013

2012

Leadership and Responsibility for Cybersecurity
Melissa Hathaway

Stewardship of Cyberspace - Duties for Internet Service Providers
Melissa Hathaway & John Savage

Cybersecurity: The Corporate Counsel's Agenda
Harriet Pearson, December 2012
Privacy and Security Law Report

The Hackback Debate
Stewart Baker and Orin Kerr, November 2012
The vulnerability of computer networks to hacking grows more troubling every year. No network is safe, and hacking has evolved from an obscure hobby to a major national security concern. Yet few cyberspies or cybercriminals have been caught and punished. Law enforcement is overwhelmed both by the number of attacks and by the technical unfamiliarity of the crimes. Can the victims of hacking take more action to protect themselves? Can they hack back and mete out their own justice?

Internet Security Essentials for Business 2.0
U.S. Chamber of Commerce, October 2012
A guide to educate businesses about the common threats to of which they could be come victims.

Governance of Enterprise Security: CyLab Report 2012
Jody Westby, May 2012 
A report on how boards and senior executives are managing cyber risks.

2012 Data Breach Investigations Report
Verizon, March 2012 
A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and the U.S. Secret Service.       

Five Strategies for Countering Cyber Threats   
Government Executive, 2012 
A study that highlights five key public service efforts under way to strengthen cybersecurity.

2010

Journal of National Security Law & Policy - Cybersecurity (Winter 2010, Vol. 4 No. 1)
This issue contributes to the national debate on cyber-related issues by supplying some of the missing pieces of the discussion, focusing on the largest and most difficult sub-set: cybersecurity.

International

2020

What does 'Schrems II' mean for EU-UK data flows? International Association of Privacy Professionals, July 2020

2017

The Tallinn Manual 2.0
Prepared by the International Groups of Experts at the Invitation of the NATO Cooperative Cyber Defense Center of Excellence

2013

The Tallinn Manual on the International Law Applicable to Cyber Warfare
Edited by Michael N. Schmitt, NATO Cooperative Cyber Defence Centre of Excellence

Cybersecurity: A View From the Front
New York Times by Toomas Hendrik Ilves, April 11, 2013

Exposing One of China’s Cyber Espionage Units 
Mandiant, February 2013
A report exposing a multi-year espionage campaign by one of the largest “Advanced Persistent Threat” (APT) groups that provides evidence linking one group, designated by Mandiant as APT1, to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Unit Cover Designator 61398). It details how it has systematically stolen confidential data from at least 141 organizations across multiple industries.

14 Global Cybersecurity Challenges for 2013
By David Gewirtz, January 2013
Cybercrime, cyberespionage, and straight out cyberattacks will increase in both frequency and ferocity over the next 12 months.The bottom line is 2013 will hurt. When it comes to cyber-preparedness, we are not in the best position. Getting our senior executives, politicians, friends, and family to pay attention and pay for security is perhaps our biggest challenge.

2012

Guidance on Data Security Breach Management Information Commissioner's Office

National Cyber Security Framework Manual   

Edited by Alexander Klimburg 
A manual published by NATO Cooperative Cyber Defence Centre of Excellence that provides detailed background  information and theoretical frameworks to help the reader understand the different  facets of national cyber security, according to different levels of public policy 
formulation.

E.U. Cyber Security Agency Lists Top Emerging Technology Threats
European Network and Information Security, September 2012
The top threats in emerging technology areas include "drive-by exploits," which is the injection of malicious code to exploit Web browser vulnerabilities, said the European Union's cyber security agency in a report issued Tuesday.

A Global Reality: Governmental Access to Data in the Cloud      
Hogan Lovells, May 2012 
A comparative analysis of ten international jurisdictions.

2008

Global Trends 2025: A Transformed World
National Intelligence Council & Office of the Director of National Intelligence, November 2008