The term "reasonable cybersecurity" gets batted around all the time
But what, exactly, is the standard for reasonable
We interviewed nationally known cybersecurity and data privacy attorney Shawn Tuma, of Spencer Fane, LLP at SecureWorld Dallas. Here's what he says organizations should be aiming for in 2018.
Watch the video for the complete interview, however, here are some of his key points:
"Reasonableness is defined by your company itself, and that's where you have to start, with a risk assessment. You have to prioritize it and implement a plan. No one can do everything at once, and no one expects that. And when you can show you've done those things and you've made legitimate efforts to combat the risk your company faces, then even when you do have an incident, it makes you look so much better in the eyes of the regulators, the judges, and the attorneys."
This is his high-level answer to what reasonable
Tuma also shared a number of specifics. More on that in part two of our conversation with him, on steps toward reasonable cybersecurity.