ISSA International Series: Regulation and Legislation

We all realize that our security jobs are much more than just specifying technology and controls, protecting and defending our infrastructure, and investigating incidents. Over the last year privacy has been mainstreamed with GDPR going into effect, California passed its own version of GDPR, and with 40 + privacy laws in the US, and more just over the horizon. In addition, some of the questions around cloud and privacy have been addressed with the Cloud Act (which gives government agencies direct access to consumer information in the cloud). We also see more government export controls looming on the horizon. These controls will impact cyber tools and techniques and our ability to test and mitigate vulnerabilities while complying with laws and regulations. While we may not have all the answers, we will review the current state of our world. To do this, we will bring in legislative and regulatory experts to discuss the changes and some of the directions we see looming. Some of the questions we will try to address are: what happens when these laws and regulations conflict with one another what happens when these controls impact our ability to do our job can we mitigate any of our liability by just getting insurance. Moderator: Michael Angelo, Chief Security Architect, Micro Focus | NetIQ Speakers: Maher Shomali, Partner, Thomsen & Burke LLP Randy Sabett, Cooley, LLP Lisa Angelo, Attorney, Cyber Law & Insurance