The idea of having a CISO with a legal degree came to me some years back, while I worked as a travelling security consultant. I lost count of the times that a legal opinion was needed to confirm some area of liability or inquire about the propriety of certain methods used to reach certain objectives. It always seemed to me that although most security consultants had a very good idea of what would be legally acceptable, none of the individuals I worked with had the professional qualifications to offer this type of guidance. The result was that corporate counsel, or an outside attorney, would need to be called in to confirm what we all suspected.
This need created new challenges: an outside attorney now had to be brought up to speed on what we were trying to accomplish and on the nuances of the situation so we could get an accurate legal opinion. Depending on the attorney’s schedule and understanding of the matters involved, this could also create project delays and difficulties between working groups that now had to get acquainted and work together. An additional item was cost: depending on fees, a project could become paralyzed, or a team might accept the risk and simply continue without the benefit of legal counsel.
In view of this, what are some potential benefits to hiring a CISO with legal training or past legal experience?
In researching this article, I came across some information about the benefits of hiring in-house counsel. Across multiple articles on this subject, the authors all seemed to point to similar benefits, which I believe can be applied and augmented by having a CISO with legal training. For the purposes of this article, I’ll call this position a “CISO-LT.”
Benefit 1: Supporting the Business’s Growth
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Jesse Valentin. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/DxDWw4INAsA/