August 14, 2017 Practice Points

How Companies Can Make Sure Their Cyber Policies Provide Coverage for Data Breaches

Besides knowing the federal, state, and local laws and regulations, companies should thoroughly access their own cybersecurity risks through a risk assessment

by Lori L. Siwik

Companies should develop and maintain a risk management program for addressing their cybersecurity risks. Besides knowing the federal, state, and local laws and regulations, companies should thoroughly access their own cybersecurity risks through a risk assessment. The assessment should include:

  • Defining the system;
  • identifying and classifying critical cyber assets;
  • identifying and documenting the electronic security perimeters;
  • performing a vulnerability assessment;
  • assessing risks to system information and assets;
  • selecting security controls;
  • monitoring and assessing the effectiveness of controls using pre-defined metrics
  • developing and implementing effective cybersecurity policies;
  • determining employees’ level of understanding of cybersecurity and whether training is needed.

(Recently, the American Bar Association Cybersecurity Legal Task Force created a cybersecurity checklist.)

Premium Content For:
  • Litigation Section
Join - Now