Cybersecurity in Our Digital Lives (Protecting Our Future Book 2) by Jane LeClair & Gregory Keeley
Author:Jane LeClair & Gregory Keeley [LeClair, Jane]
Language: eng
Format: epub
Publisher: Hudson Whitman/ Excelsior College Press
Published: 2015-03-03T05:00:00+00:00
Chapter 6
Cybersecurity and the Legal Profession
ANDREW A. PROIA AND DREW SIMSHAW
Introduction
The relationship between the law and cybersecurity continues to grow in significance and
complexity every day. According to a report by the Congressional Research Service, more
than 40 federal laws contain provisions addressing cybersecurity (Fischer, 2013), a
number that is likely to increase in the coming years. Recent large-scale data breaches
have spawned numerous class-action lawsuits against some of the country’s largest
companies, with many of the plaintiffs arguing that it was these companies’ legally
insufficient information security measures that allowed the breaches to occur. Federal
regulators and state attorneys general have also begun utilizing their legal authority to
investigate information security incidents, and ensuring that companies have implemented
reasonable security measures when handling sensitive data.
As governments, industries, and individuals become more reliant on increasingly
complex and vulnerable technologies, professionals skilled in applying, enforcing, and
interpreting the law will play an increasingly important role in cybersecurity. Lawyers,
paralegals, and other legal professionals are becoming keenly aware of the demands
cybersecurity brings to the profession. While great attention is rightfully paid to the need
for technical expertise, an effective cybersecurity workforce also depends, in part, on a
legal profession that fully understands and embraces the importance of cybersecurity.
Overall, “[a] large number of professionals—with not only technical skills, but also an
understanding of cyber policy, law, and other disciplines— will be needed to ensure the
continued success of the U.S. economy, government, and society in the 21st-century
information age” (Kay, Pudas, & Young, 2012).
A need for specialized legal services is created by the numerous statutes, regulations,
legal doctrines, and policies related to the protection of information and information
systems from unauthorized access, use, disclosure, disruption, modification, or
destruction. “Cybersecurity,” “data protection,” and “data security” law and policy
practice areas are taking shape in some of the country’s largest and most prestigious law
firms. Typical among these practice areas are legal services for complying with domestic
and global data security and privacy laws, developing security plans and managing
information security risks, drafting contracts with vendors that require certain security
protections, and supporting organizational responses to data breaches.
At the same time, the legal profession itself faces a number of cybersecurity
challenges and is beginning to recognize the importance of protecting its own assets and
information systems. In some ways, legal professionals are better suited to handle these
challenges than members of other professions; confidentiality is already ingrained into the
culture of legal practice and the top-down power structure of law firms enables partners to
efficiently and effectively enforce priorities, including proper information security plans.
However, other aspects of the legal profession present unique hurdles to achieving
effective cybersecurity. Law firms and lawyers are often averse to discussing the topic
before a breach—which takes time away from providing direct legal services—and after a
breach—when such news can cause embarrassment to the lawyer, the law firm, and its
clients. Basic cybersecurity measures (like keeping up to date on security-relevant
software updates) are sometimes seen as inhibitors to efficiency and convenience, both of
which are highly valued in the fast-paced world of law.
This chapter will examine the unique role of cybersecurity within the legal profession
as both an innovative practice area and an ethical requirement for those practicing law.
First, this chapter will examine the individuals that make up the legal profession and the
unique ethical obligations imposed on practicing lawyers and their staff to implement
reasonable cybersecurity measures. Second, this chapter highlights the threats facing the
profession, and why lawyers and law firms are prime targets for cyber attacks. Third, this
chapter reviews some of the skills necessary for members of the legal profession, and how
these skills shape the cybersecurity law and policy landscape. Finally, this chapter
provides recommendations for the legal cybersecurity workforce and additional resources
for the curious reader.
This discussion does not intend to provide an exhaustive review of the many
components that make up the legal profession’s role in cybersecurity. Instead, the chapter
highlights some of the unique ways in which legal professionals are developing
cybersecurity law and policy as a growing practice area, while also examining some of the
challenges the profession still faces as emerging technology continues to play a critical
role in providing the public with sound—and confidential—legal services. Nothing
contained in this chapter is to be considered as the rendering of legal advice, and readers
should consult legal counsel with any questions or issues they may have.
The Legal Profession’s Unique Cybersecurity Roles and Obligations
The Legal Profession
Legal professionals are among the most educated members of the American workforce,
and should be well suited to understand the complexities of the cybersecurity challenges
that face most organizations and the country. The core professionals within the legal
profession are lawyers, or the men and women who are licensed to practice law. Typically,
a lawyer will have received a bachelor’s degree from an accredited college or university,
and will have received a law degree, known as a “juris doctorate” or “doctor of
jurisprudence,” from a law school accredited by the American Bar Association (ABA).
The practice of law is primarily a self-regulated profession, in which licensing and
practice requirements are governed, for the most part, by state bar associations. In order to
receive a license to practice law in a given state, applicants must be successfully admitted
into a state’s bar. While state requirements vary, bar admission generally requires a law
degree, a rigorous character and fitness examination by the state’s board of bar examiners,
and a satisfactory score on both the Multistate Professional Responsibility Exam and the
state-issued bar examination of the state in which the applicant wishes to practice
(National Conference of Bar Examiners, 2014).
Licensed attorneys, however, represent only one of the many occupations that make
up the legal profession. Non-lawyer legal professionals serve an important function in the
enforcement, administration, and interpretation of law. Paralegals, for instance, are
individuals trained to conduct substantive legal work and assist lawyers in their day-to-day
operations. While not allowed to provide legal advice or otherwise engage in the practice
of law, paralegals work across all legal practice areas and can gain qualifications through
education, training, or work experience (National Federation of Paralegal Associations,
2011). Other positions within the legal profession include court clerks, who help
administer trial proceedings and run many of the day-to-day operations of the judiciary;
and mediators, who help resolve disagreements, such as contract disputes, outside of the
formal legal process (American Bar Association, 2010).
As
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(6834)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(6536)
Machine Learning Security Principles by John Paul Mueller(6502)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(6168)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(6130)
Solidity Programming Essentials by Ritesh Modi(4161)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3798)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(3550)
Mastering Python for Networking and Security by José Manuel Ortega(3376)
Future Crimes by Marc Goodman(3367)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3356)
Blockchain Basics by Daniel Drescher(3326)
Learn Computer Forensics - Second Edition by William Oettinger(3297)
Incident Response with Threat Intelligence by Roberto Martínez(3014)
Building a Next-Gen SOC with IBM QRadar: Accelerate your security operations and detect cyber threats effectively by Ashish M Kothekar(2987)
Mobile App Reverse Engineering by Abhinav Mishra(2899)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2889)
The Code Book by Simon Singh(2854)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2798)
