Why IT Security Guys Now Also Need To Be Legal Experts
from the welcome-to-the-modern-world dept
Every so often we get complaints from people who point out that this site is called "Techdirt," and yet quite frequently talks about the legal issues. There are a few different responses to this, but one of the key points is that, if you're in the tech field these days, you actually really do need to be pretty familiar with the law in a lot of ways. This is a point that I've been thinking about a lot lately, so it seemed like great timing when Michael Scott directed our attention to an article about how IT and security folks now need to recognize that legal risks are a big part of the security realm:The era of legal defensibility is upon us. The legal risk associated with information security is significant and will only increase over time. Security professionals will have to defend their security decisions in a foreign realm: the legal world. This article discusses implementing security that is both secure and legally defensible, which is key for managing information security legal risk.It certainly takes things pretty far outside the world where information security folks are used to living. And while there may be a sense of being able to defend the technological decisions should there be a security breach, reaching the level of "legal defensibility" involves a whole different set of issues.
The blog post linked above notes that we're still early in realizing this overlapping arena of security and law, and it's important to have folks from all of these disciplines work together:
Now is the time for legal, privacy and security professionals to break down arbitrary and antiquated walls that separate their professions. The distinctions between security, privacy and compliance are becoming so blurred as to ultimately be meaningless. Like it or not, it all must be dealt with holistically, at the same time, and with expertise from multiple fronts. In this regard we must all develop thick skins and be not afraid to stop zealously guarding turf. The reality is, the legal and security worlds have collided, and most lawyers don't know enough about security, and most security professionals don't know enough about the law. Let's change that.Indeed. In fact, this is part of the reason that I made sure there was at least some legal discussion in our upcoming webinar on security in the cloud -- because it's an important aspect of security these days, and the cloud raises some serious legal questions (if you haven't registered yet, please do!). But making sure that legal and security/IT people are talking about this regularly is important. Otherwise, you can bet that the legal folks are going to make decisions that are going to come back to haunt those in the IT and security worlds...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: it, legal defensibility, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
A lot of the dirt is in the law and how the laws govern tech and innovation.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The post has nothing to do with the cloud. At the end, I mention the webinar, because it's a topic that is of interest to those actually interested in this article.
too bad you are as transparent as a they come.
In most worlds, transparency is considered a good thing. Curious as to what's wrong with transparency? Also a bit confused as to why telling people about a webinar we're doing is somehow a bad thing.
[ link to this | view in chronology ]
Re: Re:
you are transparent about jumping on bandwagons. this month its cloud computing, no doubt because of the sponsors paying you to talk about it. there is a difference between transparent and transparency, you know that, but hey, play dumb if you like.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Who cares what you think, you're an idiot.
"i suspect he he was turned down or kicked out of the media business, maybe because nobody wanted to work with his previous failed business model"
His business model doesn't depend on government lobbying and it's still successful. The only failed business models are the ones that depend on government lobbying. They would fail if it weren't for laws that unfairly benefit them. and big media is corrupt, they censor the perfectly legitimate discussions we have here on Techdirt in favor of dishonestly presenting only one side of these issues, so the fact that Mike isn't with them only strengthens his legitimacy. Big media would be afraid to put Mike on there, he would completely humiliate them to the masses.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
I fraking refuse
there the problem
just look at how hollywood acts
now you wan that in the IT world
OMG STFU on that plan
[ link to this | view in chronology ]
Re: I fraking refuse
[ link to this | view in chronology ]
legal woes.
ie: Ya gotta know person, property, behavior, fact law + procedures.
any first year law student can tell ya that. the process of rationalizing the market (from what'is name, the techbook publisher. invented web 2.0)
contrasted with the dynamics of revolution/evolution
(turning the cloud into standards+ bucks)
is evolution in action. ie: killing /watching dinosaurs die off. rev theory goes thru terror, colaspe to old form + working new soc forms. phases.
packrat
[ link to this | view in chronology ]
Re: legal woes.
[ link to this | view in chronology ]
Sure, a legal team at a company may understand some of it. Not always.
However, consider Terms of Service agreements where service is terminated due to a simple DMCA complaint. Now companies are working with RIAA with threats to terminate users.
While the legal team for these providers may believe that the TOS or Contract law supersedes the Federal Copyright law, the termination of service does in fact, void limitations on liability.
The fact is that if a user provides a counternotification, the provider can not restore the content if the user is terminated. Thus, the user can sue in a court of law and has the potential to win, especially if the DMCA notification was false.
That being said, Mike has been doing an outstanding job in my opinion and in the opinion of many people in the IT and computer law arena.
Prof. Marcia K. Wilbur
author: Decade of the DMCA
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
The fact is that the article title does leave something to be desired and I can see there are some strong opinions regarding the content also.
Understanding legal matters is really essential.
FCC rules do not apply here.
[ link to this | view in chronology ]
I read techdirt BECAUSE of tech and law.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Everyone Needs to be a Mini-Secuirty Officer Now
[ link to this | view in chronology ]
@ those wantign hackers to become lawyers - GOOD LUCK WITH THAT
there does not need be any more waste of resources on law
LAW already is too complex , if you want no one programming then by all means make then idiot lawyers.
all they will write is EULA's by the bag full and hten no software will be made.
[ link to this | view in chronology ]
Law Schools - Advice?
Do you have any insight on which law schools are experienced with this type of law? I am transitioning from an internal audit role to information security, and I think a JD might be a better path to take than an MBA... but I am unsure where to get started.
Thanks for your help,
-Tyler
[ link to this | view in chronology ]
Re: Law Schools - Advice?
Actually... not sure... but pay attention to our next webinar, which we'll be announcing this week. That may have some useful info.
[ link to this | view in chronology ]
Re: Re: Law Schools - Advice?
Prof Wilbur
[ link to this | view in chronology ]