CHAPTER ONE. OVERVIEW OF CYBERSECURITY AND CYBERSECURITY LAW§ 1.1 INTRODUCTION (A.) Brief History of Computing in the Cybersecurity Context (B.) Introduction to the Relationship Between Cybersecurity, Cybersecurity Law and Privacy Lawand “Reasonable Security Measures”§ 1.2 WHAT IS CYBERSECURITY LAW?§ 1.3 RESPONSIBILITIES OF A CYBERSECURITY PROFESSIONAL (A.) Vulnerability Analysis(B.) Cybersecurity Tools(C.) Inhouse Development of Products and Services.(D.) Incident Response Responsibilities§ 1.4 RESPONSIBILITIES OF A CYBERSECURITY COUNSELOR.CHAPTER TWO. RANSOMWARE § 2.1 OVERVIEW.§ 2.2 RANSOMWARE PREVENTION (A.) Awareness and Communication(B.) Address Ransomware Infection Vectors(C.) Create and Maintain an Incident Response Plan§ 2.3 POST-RANSOMWARE ATTACK§ 2.4 RANSOMWARE RELATED LAWS AND LAWSUITSCHAPTER THREE. FEDERAL TRADE COMMISSION ENFORCEMENT AND CYBERSECURITY LAW § 3.1 INTRODUCTION.(A.) FTC Cybersecurity Overview (B.) FTC Enforcement Generally § 3.2 WYNDHAM AND SUBSEQUENT ENFORCEMENT ACTIONS (A.) Reasonable and Appropriate Security Measures Standard(B.) General Format of FTC Cybersecurity-related Orders(C.) Federal Trade Commission v. Wyndham § 3.3 THE SUFFICIENCY OF FTC COMPLAINTS: D-LINK SYSTEMS§ 3.4 THE LABMD MATTER AND THE SPECIFICITY OF FTC ORDERS § 3.5 ADDITIONAL FTC MATERIALS § 3.6 CHILD ONLINE PRIVACY AND PROTECTION ACT CHAPTER FOUR. THE GRAMM-LEACH-BLILEY ACT AND FTC SAFEGUARDS RULE § 4.1 INTRODUCTION.§ 4.2 FTC’S JURISDICTION UNDER GLBA§ 4.3 THE OLDER FTC SAFEGUARDS RULE § 4.4 THE NEW FTC SAFEGUARDS RULE (ADOPTED OCTOBER 2021)§ 4.5 ADDITIONAL COMMENTARY CONCERNING FTC’S NEW SAFEGUARDS RULE§ 4.6 FTC GLBA/FTC SAFEGUARDS RULE CASES(A.) In the Matter of Ascension Data & Analytics, LLC (B.) Mortgage Solutions FCS, Inc(C.) In the Matter of LightYear Dealer Technologies, LLC(D.) Equifax, Inc(E.) In the Matter of PayPal, Inc(F.) In the Matter of TaxSlayer(G.) PLS Financial Services, Inc., et al(H.) In the Matter of ACRAnet, Inc(I.) SettlementOne Credit Corporation(J.) Fajilan and Associates, Inc§ 4.7 PRIVATE CAUSES OF ACTION USING GLBA AND SAFEGUARDS RULE § 4.8 NEW YORK DEPARTMENT OF FINANCIAL SERVICES CYBERSECURITY REGULATION§ 4.9 CYBERSECURITY REGULATIONS FOR FINANCIAL INSTITUTIONS (A.) Security Guidelines.(B.) Enforcement(1.) OCC Enforcement (2.) FDIC Enforcement(3.) Federal Reserve System Enforcement(C.) National Credit Union Administration (D.) U.S. Commodity Futures Trading Commission .(E.) Federal Financial Institutions Examination Council CHAPTER FIVE. U.S. SECURITIES AND EXCHANGE COMMISSION CYBERSECURITY§ 5.1 INTRODUCTION§ 5.2 REGULATION S-P AND REGULATION SCI(A.) Regulation S-P (B.) Regulation SCI (C.) Selected SEC Cybersecurity Guidance§ 5.3 SEC ENFORCEMENT(A.) Overview of SEC Enforcement Actions and Example Matters(B.) Other SEC Enforcement Actions§ 5.4 PRIVATE LITIGATION CONCERNING SECURITIES FRAUD FOR DATA BREACH§ 5.5 SEC INTERPRETIVE GUIDANCE ON PUBLIC COMPANY CYBERSECURITY DISCLOSURES AND THE YAHOO! MATTER CHAPTER SIX. HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT§ 6.1 INTRODUCTION§ 6.2 THE HIPAA SECURITY RULE AND BREACH NOTIFICATION RULES(A.) Security Rule: Administrative, Physical and Technical Standards(1.) Additional Security Rule Related Provisions(B.) Breach Notification Rules(C.) Office of Civil Rights Enforcement Actions Concerning HIPAA191(D.) Examples of Enforcement Actions Resulting in Resolution Agreements(1.) Metropolitan Community Health Services Matter (2.) Compliance Investigations Triggered by Data Breaches and Resolution Agreements (3.) Other Resolution Agreements.(E.) Private Litigation and HIPAA CHAPTER SEVEN. FAMILY EDUCATION RIGHTS AND PRIVACY ACT AND OTHER FEDERAL REGULATIONCONCERNING CYBERSECURITY§ 7.1 INTRODUCTION§ 7.2 FERPA(A.) DOE Guidance from the Privacy Technical Assistance Center (B.) Additional Cybersecurity Requirements for Title IV Schools(C.) Office of Inspector General U.S. Department of Education Technology Crimes Division§ 7.3 OTHER FEDERAL CYBERSECURITY REGULATIONCHAPTER EIGHT. STATE CYBERSECURITY LAWS 8.1 INTRODUCTION§ 8.2 STATE BREACH NOTIFICATION LAWS (A.) Selected State Data Breach Notification Laws.(B.) National Conference of State Legislatures on Security Breach Notification Laws.(C.) Example of Private Cause of Action Cases Brought Under State Breach Notification Laws§ 8.3 STATE STUDENT DATA PRIVACY LAWS (A.) CALIFORNIA (SOPIPA)(B.) ILLINOIS (SOPPA)(C.) COLORADO(D.) TEXAS (E.) NEW YORK (F.) VIRGINIA § 8.4 DATA SECURITY LAWS(A.) National Conference of State Legislatures Table on Data Security Laws(B.) Specific Data Security Laws(C.) State Data Protection and Privacy LawsCHAPTER NINE. ADDITIONAL PRIVATE CAUSES OF ACTION FOR CYBERSECURITY BREACHES§ 9.1 INTRODUCTION§ 9.2 STANDING § 9.3 STANDING CASES § 9.4 OTHER COMMON LAW AND STATUTORY CAUSES OF ACTION§ 9.5 CLASS CERTIFICATION CHAPTER TEN. CYBERSECURITY RISK ASSESSMENT AND NATIONAL INSTITUTE OF STANDARDS ANDTECHNOLOGY RISK MANAGEMENT FRAMEWORK § 10.1 INTRODUCTION§ 10.2 RISK ASSESSMENT (A.) Risk Analysis§ 10.3 CYBERSECURITY FRAMEWORKS § 10.4 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) RISK MANAGEMENT FRAMEWORK (A.) Introduction and Overview of the NIST Risk Management Framework § 10.5 NIST 800 SERIES OF SPECIAL PUBLICATIONS (A.) Federal Information Processing Standards, NIST Special Publications and NIST InteragencyReportsCHAPTER ELEVEN. LAWS PROHIBITING AND ADDRESSING HACKING § 11.1 INTRODUCTION§ 11.2 FEDERAL COMPUTER FRAUD AND ABUSE ACT (A.) Unauthorized Access or Access Exceeding Authorization(B.) Damage or Loss§ 11.3 STATE CYBERCRIME LAWS RELATED TO CYBERSECURITY (A.) Washington State Law (B.) California State Law (C.) Overview of Other State Criminal Cybersecurity-related Laws§ 11.4 DEFEND TRADE SECRETS ACT AND ECONOMIC ESPIONAGE ACT(A.) Defend Trade Secrets Act (B.) Economic Espionage Act§ 11.5 STORED COMMUNICATIONS ACT(A.) Selected Provisions of the Stored Communications Act and Discussion 11.6 DIGITAL MILLENNIUM COPYRIGHT ACT (A.) Selected Provisions of the Digital Millennium Copyright Act(B.) DMCA Cases CHAPTER TWELVE. INTERNET OF THINGS § 12.1 INTRODUCTION§ 12.2 BACKGROUND INFORMATION CONCERNING IOT§ 12.3 NIST GUIDANCE DOCUMENT: FOUNDATIONAL CYBERSECURITY ACTIVITIES FOR IOT DEVICE MANUFACTURERS§ 12.4 CALIFORNIA INTERNET OF THINGS LEGISLATION§ 12.5 COMPLAINT CONCERNING INTERNET OF THINGS AND CYBERSECURITY § 12.6 FEDERAL INTERNET OF THINGS LEGISLATION.CHAPTER THIRTEEN. CYBERSECURITY: AN INTERNATIONAL PERSPECTIVE.§ 13.1 INTRODUCTION§ 13.2 MOVEMENT TOWARD A COMPREHENSIVE CYBERSECURITY TREATY(A.) United Nations Efforts Towards Regulating Cybersecurity(1.) United Nations Resolutions Concerning Cybersecurity(2.) The U.N. Group of Governmental Experts and Open Ended Working Group Reports (B.) Other State Efforts to Create International Consensus Regarding Cybersecurity Law § 13.3 GDPR (A.) Standard Contractual Clauses§ 13.4 EUROPEAN CONVENTION ON CYBERCRIME § 13.5 TALLINN MANUAL § 13.6 U.S. CYBERSPACE SOLARIUM COMMISSION REPORT § 13.7 REGIONAL FREE TRADE AGREEMENTS (A.) Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System (B.) Comprehensive and Progressive Agreement for Trans-Pacific Partnership(C.) United States-Mexico-Canada Agreement.TABLE OF CASES INDEX