National Institute of Standards and Technology (NIST)

To facilitate cyber incident response in practice, many organizations are building “cybersecurity playbooks” that provide tailored, practical guidance that enhances organizational readiness. During a cyber incident, easy access to actionable material can be central to an effective response. The content, audience and goals for a playbook may vary. For example, they may contain highly technical

American businesses are presented with great economic opportunities as connected devices—often referred to as the Internet of Things—quickly become integrated into consumers’ daily lives. However, these opportunities are accompanied by new legal risks; for example, class action lawsuits have alleged that connected products were inadequately secured against cyber threats or violated user privacy. Against this

On May 11, 2017, President Donald Trump signed Executive Order 13800 (“EO 13800”), titled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” This executive order constitutes the first significant action to address cybersecurity by the Trump administration. The executive order is divided into three sections addressing cybersecurity for federal networks, critical infrastructure, and the

Three years ago, the National Institute of Standards and Technology (“NIST”) released the “Framework for Improving Critical Infrastructure Cybersecurity.” In the intervening years, NIST and numerous other US government departments and agencies have continued to release guidance on how to improve cybersecurity using a tailored risk management framework. In recent months, NIST has continued this

On December 1, 2016, the US Commission on Enhancing National Cybersecurity (the “Commission”) presented its final report to President Obama, Report on Securing and Growing the Digital Economy. While directed to President Obama, the report is also intended to be a helpful guide for the next administration on “strengthening cybersecurity in the public and

Effective responses to cybersecurity incidents rely in large part upon three key elements: personnel, planning and practice. An organization’s incident response team must include capable personnel with the appropriate authority to act, requisite expertise and adequate training. An organization also needs a written plan customized to meet its business, industry and regulatory environment, among other