How would your organization defend itself in a court of law or to regulators in the event of a cybersecurity incident?
Cybersecurity isn’t merely a technology issue; it is also a legal issue. From contractual obligations to maintain the confidentiality of certain information to legislative and regulatory requirements for how data is stored, when and how to notify affected parties in the event of a breach, and the like, your organization’s approach to cybersecurity directly impacts its legal and business risks. ClearArmor CSRP helps your legal and IT staff work together to ensure the organization is meeting its regulatory and contractual obligations. By employing CSRP, your legal department will be able to answer the following questions and more:
- What role does our senior leadership play in defining our organization’s approach to cybersecurity?
- How often is the senior leadership informed about cybersecurity issues, and who chooses the information presented to them?
- To what regulations and contractual obligations is our organization subject?
- Which industry standard(s) are we using as a basis for our approach to cybersecurity?
- How closely do we align with those standards?
- What steps are we taking to address the gaps between our current state and our preferred alignment with those standards?
- Have we documented why we have chosen to deviate from the standards?
- What data are we collecting as evidence of our compliance with our approach to cybersecurity?
- How often is that data audited?
The answers to these questions can be critical when your organization suffers a data breach.