Corporate Compliance Insights

Justice Department Provides Cybersecurity Guidance

by Shamoil Shipchandler
May 27, 2015
in Risk

with contributing author Robert Crowley

In late April, the Department of Justice’s Cybersecurity Unit provided a set of voluntary best practices for companies faced with the prospect of data breaches. The DOJ’s best practices were expressly developed with smaller organizations in mind and incorporate lessons learned from both federal prosecutors and private sector companies that have experienced cyber incidents. In contrast with some of the other guidance from federal regulatory agencies, the two predicates underlying the DOJ’s recommendations are preparation and common sense. Because the guidance is so accessible, expect the DOJ’s best practices to become the default standard of care for the private sector.

According to federal law enforcement agencies and regulators, it is not a matter of “if” a particular company will suffer a data breach, but “when.” Compounding the issue is the nature of the threat: external hackers are actively working to circumvent a company’s cybersecurity, but all too often a company’s own employees cause a data breach by careless action. Therefore, the DOJ’s best practices emphasize that the best approach is to begin planning immediately, because “[a] cyber incident is not the time to be creating emergency procedures or considering for the first time how best to respond.” The DOJ’s recommendations are well-grounded in common sense and should be practical for most organizations to implement and follow.

On the front end, the key takeaways from the DOJ’s guidance are that: (1) companies should identify in advance what mission-critical needs they must protect (described in the best practices as their “crown jewels”); (2) companies should have actionable plans in place before intrusions occur; and (3) companies should ensure that they have the right resources – with emphasis on the right people – lined up in advance. Included among those “right people” are counsel who are accustomed to addressing issues associated with data breaches, in order to reduce incident response times and leverage pre-existing relationships with forensic providers, media and law enforcement.

Once a cyber-incident occurs, the appropriate response will always vary based on the nature of the organization, the kind of information it has and the nature of the incident itself. However, the DOJ recommends a series of practical steps not only to mitigate the harm a cyber-incident can cause to the victim organization and others, but also to aid law enforcement in investigating, and possibly responding to, such an incident.

The DOJ’s best practices may not all match every company’s needs, resources or risk profile perfectly; for example, the DOJ guidance does not reference state notification guidelines. That said, it would be advisable to use the DOJ’s best practices as a checklist to track a company’s cybersecurity preparations and to recognize what the federal government, shareholders and customers may come to expect. Prudent companies should afford significant consideration to the DOJ’s recommendations where practical, and they should have reasoned explanations for why their own cybersecurity preparations differ from the best practices.



Shamoil T. Shipchandler is a white collar defense partner at Bracewell & Giuliani in Dallas, where he counsels corporate and individual clients regarding statutory and regulatory compliance and advises companies and corporations that were victimized through white collar crime or cybercrime. Previously, Shamoil was a Deputy Criminal Chief with the United States Attorney’s Office for the Eastern District of Texas, where he served for nearly 10 years as the Attorney-in-Charge of the Plano Office and as the Asset Forfeiture Chief. During his tenure with the Department of Justice, Shamoil handled the prosecution of some of the largest and most significant complex white collar matters in North Texas, including cases involving securities fraud, mortgage fraud, tax evasion, bank fraud, mail and wire fraud, computer sabotage, money laundering, public corruption, theft of trade secrets and immigration fraud. Shamoil is a frequent nationwide instructor regarding trial techniques, professional responsibility, asset forfeiture, money laundering and substantive white collar crimes. Shamoil has developed and presented financial investigations courses to U.S. Attorney’s offices and local state and federal law enforcement, as well as to Bosnian and Macedonian prosecutors and judges. Shamoil received the 2011 Director’s Award, a Department of Justice-wide recognition, for his work in the United States v. Barry, et al. prosecution. He can be reached at shamoil.shipchandler@bgllp.com.
