Book Review: Cybersecurity Law, Standards, and Regulations, Second Edition

Cybersecurity Law, Standards and Regulations; By Tari Schreider. Rothstein Publishers; Rothstein.com; 324 pages; $89.95.

Information security generalists who wish to look up relevant laws and court decisions on legal issues will find a highly useful resource in the second edition of Cybersecurity Law, Standards and Regulations. Readable and well-organized, the text is especially valuable for quick searches. Text boxes throughout the book highlight key ideas. Each chapter has self-study questions, making the book suitable for use as a textbook. (This reviewer teaches cyberlaw and will use the text as a standby reference.)

While the work has an extensive index, it does not offer a centralized glossary. Legal texts present many new terms and concepts, so providing a glossary could help the reader refresh definitions with relative ease. On the other hand, the book’s appendix is a great strength. Its “helps” range over seven topics, including eDiscovery software, cybercrime reporting agencies, cyber tort readiness checklist (useful in civil litigation), providers of cyber liability insurance, digital forensics toolkits, cyber liability stress test, and information about establishing a cybersecurity law program. In addition, a list of references serves as an effective research resource. The text, generous in summarizing facts and ideas, also includes numerous tables, which increase understanding.

Relevant cybersecurity legal concepts are discussed broadly. Topics covered in the main discussion include cybercrime taxonomy, basic elements of law (criminal law and torts), extradition (international), U.S. cybersecurity law, privacy and data protection, cryptography and digital forensics law, and future developments in the field.

Other key topics that receive deserved coverage include common causes of cyber legal case dismissal, “Fifth Amendment and Data Encryption,” the right to avoid self-incrimination and cryptographic decryption, and what courts can do to compel evidence about cryptographic keys and passwords. In addition, the European Union Cybersecurity Act discussion provides helpful information for the professional working in the European arena.

While this book is not a substitute for actual legal counsel, the text does supply a yardstick for the information security generalist trying to get an initial handle on a cybersecurity legal issue.

Reviewer: Ronald L. Mendell, CISSP, is a member of ASIS and a faculty member of the College of Information Technology at Western Governors University, where he teaches information security. He is also a consultant who writes about physical and information security.