Why IT Security Guys Now Also Need To Be Legal Experts
from the welcome-to-the-modern-world dept
The era of legal defensibility is upon us. The legal risk associated with information security is significant and will only increase over time. Security professionals will have to defend their security decisions in a foreign realm: the legal world. This article discusses implementing security that is both secure and legally defensible, which is key for managing information security legal risk.
It certainly takes things pretty far outside the world where information security folks are used to living. And while there may be a sense of being able to defend the technological decisions should there be a security breach, reaching the level of "legal defensibility" involves a whole different set of issues.
The blog post linked above notes that we're still early in realizing this overlapping arena of security and law, and it's important to have folks from all of these disciplines work together:
Now is the time for legal, privacy and security professionals to break down arbitrary and antiquated walls that separate their professions. The distinctions between security, privacy and compliance are becoming so blurred as to ultimately be meaningless. Like it or not, it all must be dealt with holistically, at the same time, and with expertise from multiple fronts. In this regard we must all develop thick skins and be not afraid to stop zealously guarding turf. The reality is, the legal and security worlds have collided, and most lawyers don't know enough about security, and most security professionals don't know enough about the law. Let's change that.
Indeed. In fact, this is part of the reason that I made sure there was at least some legal discussion in our upcoming webinar on security in the cloud -- because it's an important aspect of security these days, and the cloud raises some serious legal questions (if you haven't registered yet, please do!). But making sure that legal and security/IT people are talking about this regularly is important. Otherwise, you can bet that the legal folks are going to make decisions that are going to come back to haunt those in the IT and security worlds...