Cybersecurity is a major concern for multiple functions of a company, as well as for compliance with regulatory requirements. IT groups take the lead in crafting and detailing security policies, but involvement by the legal team is helpful: it builds a common understanding of the legal requirements for maintaining proprietary information and trade secret protection, and it lets the legal team understand the strengths and limitations of the tools available. It also allows the groups to communicate in a shared language and to establish cybersecurity procedures that effectively protect commercial advantages.
The NIST Cybersecurity Framework is a suggested approach to create a cybersecurity process, while ISO 27001 — of the ISO 27000 series of standards — is used by independent auditors to certify that an entity has met a requisite level of protecting sensitive company information through physical, environmental, and human resource security and access control. These are both commonly used approaches for creating and implementing best practices for cybersecurity risk management processes.
The information security management processes of the NIST Framework and the ISO 27000 series standards are widespread, leading best practices for cybersecurity, and they can be used to create and document the measures taken to protect trade secrets and proprietary information. An understanding of the NIST Framework and of information security guidelines is a useful tool that helps counsel participate in and influence the activities and discussions of the teams that develop, manage and implement cybersecurity processes.