The Singapore Academy of Law Journal has published an article authored by Bridget Mead, Jared Paul Miller, Paul Flanagan, and Fathom Cyber’s own James Goepel on establishing “reasonableness” under the law in the context of cybersecurity and data privacy. In the article, the authors explore a variety of concepts, including:
- the need for federal-level privacy laws in the United States;
- how to integrate cybersecurity and data privacy risks into an organization’s Enterprise Risk Management program;
- the important role industry standards such as NIST SP 800-171, the NIST Cybersecurity Framework (“NIST CSF”), and the US Department of Defense’s Cybersecurity Maturity Model Certification (“CMMC”) play in defining reasonableness;
- the critical role compliance plays in establishing reasonableness and the overall defensibility of an organization’s cybersecurity program; and,
- supply chain cybersecurity issues.
Although published in Singapore, the article has applicability worldwide. The article should be very useful to judges, litigators, policy makers, and others as they wrestle with the question of whether a particular cybersecurity or data privacy program is “reasonable”. The article can be viewed here: