Materials — Incident Response Forum 2017

Materials by Panel

I. Counsel as Quarterback in Incident Response

• Yahoo’s Warning to GCs: Your Job Description Just Expanded (Big-Time), by David Fontaine and John Reed Stark 
• Boards of Directors and Cybersecurity:  Applying Lessons Learned From 70 Years of financial Reporting Oversight, by David Fontaine and John Reed Stark (Cybersecurity Docket, 2016)
• Navigating the Digital Age: The Definitive Cybersecurity Guide For Directors and Officers, by Ted Kobus et al (Georgia Tech Institute for Information Security and Privacy, 2016)
• Learning to Live with Imperfect Security, by Ted Kobus (Corporate Counsel, June 2015)
• Cyber Alert: 2016 Breach Roundup, Part I: U.S. State Data Breach Notification Laws Highlights and Trends (Alston & Bird, December 2016) 
• Cyber Alert: 2016 Breach Roundup, Part II: U.S. and EU Data Breach Notification Regulations Highlights and Trends (Alston & Bird, January 2017)

II. Managing Health Care Firm Data Breaches

• CareFirst Data Breach: A Primer on its Incident Response, by John Reed Stark (Cybersecurity Docket 2015)
• Data Breach Liability:  Critical Steps for Rx, by Catherine O’Neil & Nicholas Oldham (Insights) 

III. Managing Retail Data Breaches 

• Amazon Unfair Practice Case May Affect Data Breach Cases, by Doug Meal, David Cohen and Joseph Cleemann (Law 360, July 2016)
• You Don’t Need a Data Breach to Face Regulatory Scrutiny, by Kimberly Keifer Peretti and Jason Wool (Law 360 2016)
• Data Privacy and Security Practice Report (King and Spalding Client Alert 2015)
• Recent Decisions Highlight Product Cybersecurity Issues, by Heather Sussman, Doug Meal and David Cohen (Law 360, 2016)
• St. Joseph Demonstrates Challenges for Breach Plaintiffs, By Doug Meal, Mark Szpak and David Cohen  (Law 360, 2015)
• Cyber Alert: Security Vulnerabilities: You Don’t Need a Breach to Face Regulatory Scrutiny (Alston & Bird, September 2016)

IV. Managing Financial Firm Data Breaches 

• 8 Critical Lessons From Morgan Stanley Cybersecurity Case, by John Reed Stark, October 2016
• SEC Pushes New Limits on Cybersecurity, Securities Fraud, by John Reed Stark (Compliance Week, 2016)
• Avoiding Vanguard’s Cybersecurity Stumble, by John Reed Stark (Compliance Week 2016)
• Cybersecurity Preparedness & Response Alert:  Effective Cybersecurity: The Evolving Regulatory Landscape for Investment Advisers, Investment Companies and Broker-Dealers, by Alston and Bird (Including Kimberly Kiefer Peretti)  (JDSupra Business Advisor, 2016)
• Cyber Alert: NY Governor Cuomo Announces Final NYDFS Cybersecurity Regulations (Alston & Bird, March 2017)
• NYDFS issues final cybersecurity regulations, setting new industry standard for cybersecurity controls (Sidley, February 2017)

V. Managing Data Breaches Across Borders

• Pratt’s Privacy and Cybersecurity Report (Volume 2, Number 4, 2016)
• Presidential Cybersecurity Commission Issues Ambitious Policy Roadmap for Next Administration, by Benjamin Powell, Jonathan Cedarbaum and D. Reed Freeman (WilmerHale 2016)
• Ensuring Best Practices in the Investigation of an Incident, by David Fagan, Ashden Fein and David Bender (Cybersecurity Law and Practice Report, 2016)
• 2016 Privacy Year In Review, by Winston & Strawn LLP (Feb. 2017)

VI. National Security and Cyber-Attacks

• Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats, by John Carlin (Harvard National Security Journal, 2016)
• Opinion: Here’s how the Trump administration needs to boost cybersecurity, by John Carlin (Marketwatch 2017)
• The Truth About the Russians and the Elections, by John Reed Stark (Law 360, 2016)
• Cybersecurity Requirements Clarified (National Defense, March 2017)
• IMPLICATIONS OF WIKILEAKS PUBLISHING DETAILS OF CIA’S  CYBER ARSENAL (Ankura Consulting Group, March 2017)

VII. Post-Breach Risk Management, Remediation Best Practices and Cyber Insurance Issues

• Top Cybersecurity Concerns for Every Board of Directors, Part One: Cybersecurity Governance, by John Reed Stark (NASDAQ Clearinghouse, December 2016)
• Cyber Insurance:  How to Find the Right Policy, by John Reed Stark (November 2016)
• 5 Tips for Buying and Reviewing Cyber Insurance, by Scott Godes (Law 360, 2014)
• Should Retailers Rely on CGL Coverage For Data Breaches, by John Reed Stark (Law 360, 2015)
• How Insurance Can Protect Your Company, by Scott Godes (Law Journal Newsletter, 2016)
• Cyber-Physical Risks: Are You Covered? (Covington, December 2016)
• Cybersecurity Preparedness & Response Alert: Effective Cybersecurity: You Have a Breach Response Plan … Now How Do You Test It? (Alston & Bird, December 2015)