Cybersecurity is no longer within the sole purview of information technologists –its increased prominence has made it an interdisciplinary problem. Solutions require involvement from many stakeholders. Organizational leaders, including CEOs, financial and privacy officers, lawyers, human resources specialists, policymakers, and many others in both the public and private sectors, must all have a basic understanding of cybersecurity issues if the threats to national security, the economy, and privacy are to be mitigated.
Many cybersecurity issues fall within a legal and policy context. Fundamentally, organizations must know how to comply with and implement new cybersecurity laws, regulations, and standards, and to develop plans and policies in order to prepare forms to respond to, and recover from a cyber incident. there are countless non-technical issues that must be addressed. For example, how can government and the private sector share cyber threat information? Should a company adopt the NIST Cybersecurity Framework? To what extent can an organization monitor the Internet traffic of employees to keep its network safe? what notification requirements are there for businesses that have suffered a cyber-attack? Can or should a victim “hack back” against an attacker? These and many other questions carry complex legal and policy ramifications that must be considered before any action is taken.
The government and Industry are continually searching for qualified professionals to help tackle the most complex legal and policy questions in cybersecurity. Whether it is drafting new laws and regulations, developing plans and policies, or providing legal advice to clients, a grasp of cybersecurity law and policy is critical.
At every stage, professionals of all kinds need to not only understand the basic cybersecurity issues which confront them, but must be able to think critically about the consequences of any decision they might make,