We have all heard the saying “It’s not a question of if, but rather when, a cyber incident will affect an organization.” Increasingly, however, organizations are being judged on “how” they respond to such incidents. This text is designed to be a helpful resource for in-house counsel, corporate executives, and lawyers involved in preventative planning and incident response management of cybersecurity matters. This book provides a discussion and analysis of the background and foundation of the law as well as a practical guide to best practices.
This comprehensive handbook brings together expertise from industry leaders and outlines best practices for network security, asset management, and assessing threats and vulnerabilities, among other areas of cyber protection. It covers key areas such as procurement, insurance, and selection of cybersecurity vendors. It also discusses topics such as supply chain risks, corporate governance, due diligence in M&A transactions, and the role of the Board of Directors and their duties in overseeing cybersecurity matters. Content also includes law enforcement, credit monitoring, and litigation exposure.
This new edition not only updates all chapters included in the first edition but also features 7 new chapters covering such topics as: cybersecurity considerations for business transactions; technical considerations for incident management; reporting and notification requirements under regulatory authorities; public sector privacy considerations; cross-border considerations for managing a cybersecurity incident; reporting to and working with law enforcement; and legal privilege during breach response. Also included are a glossary of terms and many useful precedents and checklists.
Table of Contents
Chapter 1: Overview of the Canadian cybersecurity landscape
Chapter 2: Best practices to implement prior to a breach
Chapter 3: Cloud computing
Chapter 4: Procurement considerations for Cybersecurity
Chapter 5: Supply chain cybersecurity
Chapter 6: Cybersecurity considerations for business transactions
Chapter 7: Oversight obligations of the board of directors and management
Chapter 8: Incident management
Chapter 9: You’ve been breached!: technical considerations for incident management
Chapter 10: Reporting and notification requirements under privacy laws
Chapter 11: Reporting and notification requirements under other regulatory authorities
Chapter 12: Public sector cybersecurity
Chapter 13: Cross border considerations for managing a cybersecurity incident
Chapter 14: Reporting to and working with law enforcement
Chapter 15: Legal privilege during breach response
Chapter 16: Litigation exposure
Chapter 17: Cyber and privacy insurance
Chapter 18: Credit monitoring
Chapter 19: Communications best practices for cyber incidents