curated by Professor Daniel J. Solove
Professor Solove’s Scholarship
Daniel J. Solove and Danielle K. Citron, Risk and Anxiety: A Theory of Data Breach Harms
Daniel J. Solove, Identity Theft, Privacy, and the Architecture of Vulnerability
Professor Solove’s Blogs and Interviews
Daniel J. Solove, The Future of Cybersecurity Insurance and Litigation: An Interview with Kimberly Horn – In this blog post, Professor Solove interviews Kimberly Horn, who is the Global Focus Group Leader for Cyber Claims at Beazley. Kim has significant experience in data privacy and cyber security matters, including guiding insureds through immediate and comprehensive responses to data breaches and network intrusions. She also has extensive experience managing class action litigation, regulatory investigations, and PCI negotiations arising out of privacy breaches
Daniel J. Solove, Did the LabMD Case Weaken the FTC’s Approach to Data Security? – In this blog post, co-authored with Professor Woodrow Hartzog, Daniel Solove analyzes the U.S. Court of Appeals for the 11th Circuit’s long-awaited decision in LabMD’s challenge to an FTC enforcement action: LabMD, Inc. v. Federal Trade Commission (11th Cir. June 6, 2018).
Daniel J. Solove, Cybersecurity vs. Humans: The Human Problem Requires a Human Answer – In this blog post, Professor Solove discusses how information security is only in small part a technology problem and that it is largely a human problem.
Daniel J. Solove, Law Firm Cybersecurity: An Industry at Serious Risk – In this post, Daniel Solove shares the two major reasons that law firms make excellent targets for fraudsters.
Daniel J. Solove, Attorney Confidentiality, Cybersecurity, and the Cloud – In this blog post, Professor Solove examines the significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations.
Daniel J. Solove, Does Cybersecurity Law Work Well? An Interview with Ed McNicholas – Daniel Solove interviews Ed, a partner at Sidley Austin LLP, and one of the foremost experts on cybersecurity law.
Security Awareness Training
Security Training Awareness FAQ – In this document, Professor Solove answers the following questions (and more) – What does the law require for security awareness training? What are organizations currently doing? What should they be doing?
Privacy Training and Data Security Training Requirements – Many laws, regulations, and industry codes require privacy awareness training and/or data security awareness training. These include 1) International Laws – including GDPR and Personal Information Protection and Electronic Document Act (PIPEDA); 2) US Federal Laws, Regulations, and Treaties – including HIPAA Privacy and Security Rules, Gramm-Leach-Bliley Act (GLBA), FACTA – FTC Red Flags Rule, Federal Information Security Management Act (FISMA), Federal Acquisitions Regulation, and EU-US Privacy Shield Framework; 3) US State Laws and Regulations – including New York Cybersecurity Regulation, Texas Health Privacy Law, and Massachusetts Data Security Law; 4) Standards and Industry Codes – Payment Card Industry Data Security Standard (PCI-DSS), ISO/IEC 27002, and NIST Special Publication 800-53 (Revision 4). This Guide, written by Professor Daniel Solove, will walk you through a brief description of each requirement with excerpts of the relevant provisions.
Effective Security Training – Professor Solove offers 7 tips for making security training for employees more effective and memorable.
What Should Privacy Awareness Training Include – Privacy awareness training educates an organization’s workforce about the way that the organization protects privacy and the workforce’s role in this endeavor. In this post, Professor Solove explains the key components that privacy awareness training should include.
Data Security Training Program – The Data Security Training Program is designed to provide basic data security awareness training to the workforce of global organizations. The course synthesizes data security best practices and explains them simply. This course covers the essential topics for protecting the security of confidential data and addresses the latest security threats. The program focuses on key concepts of data security common to all organizations as well as provides guidance on how to avoid costly data security breaches.
5 Key Points for Data Security – This is a 7-minute highly-engaging data security training program that can help reinforce the most important points for information security for employees at your organization.
Avoiding Phishers, Hackers and Social Engineers – This information security training course (~15 minutes) teaches phishing protection and how to avoid being victimized by hacker tricks and social engineering. The course covers the various techniques of social engineering (such as phishing, baiting, and pretexting), common phishing techniques, the types of threats contained in email, and the dangers from visiting websites or downloading software. The course teaches how to recognize the tricks that fraudsters use and how to avoid being victimized.
Social Engineering: Spies and Sabotage – This information security training program, Social Engineering: Spies and Sabotage, is a short module (~7 minutes long) that provides a general introduction to social engineering. After discussing several types of social engineering (phishing, baiting, pretexting, and tailgaiting), the course provides advice for avoiding these tricks and scams.
Phishing – This 5.5-minute phishing training course provides a short introduction to the threat of phishing. “Phishing” is a term for when fraudsters try to trick people into revealing confidential data, clicking on malicious attachments, or visiting malicious websites. The course discusses phishing through email, phone, and websites. It covers common phishing techniques, as well as spear phishing.
Malware – This short data security training course provides an overview of what malware is and why it is dangerous. It details the five major types of malware and how users can identify them. It also discusses how most malware requires human action to infect a computer, how people can avoid malware and what to do (and not to do) if this ever happens.
Humans are the Biggest Data Security Risk – This security awareness training course (~5 minutes) explains to trainees that humans are the biggest data security risk. The course discusses how human error can lead to data breaches and how people can avoid common pitfalls and mistakes.
Ed McNicholas, Cybersecurity: A Practical Guide to the Law of Cyber Risk
Kevin Mitnick, Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
Bruce Schneier, Secrets and Lies: Digital Security in a Networked World
Bruce Schneier, Liars and Outliers: Enabling the Trust that Society Needs to Thrive
Bruce Schneier, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World
Bruce Schneier, Beyond Fear: Thinking Sensibly About Security in an Uncertain World
Adam Shostack, Threat Modeling: Designing for Security
Derek E. Bambauer, Ghost in the Network
Andrea M. Matwyshyn, Data Devolution: Corporate Information Security, Consumers, and Future of Regulation
William McGeveran, Duty of Data Security
Sasha Romanosky, David Hoffman & Alessandro Acquisti, Empirical Analysis of Data Breach Litigation
Paul M. Schwartz & Edward J. Janger, Notification of Data Security Breaches
David Thaw, Cybersecurity Stovepiping
David Thaw, Data Breach (Regulatory) Effects
David Thaw, Redefining Cybersecurity Policy
Security Laws and Regulations
HIPAA Security Rule Checklist – The HIPAA Security Rule covers electronic protected health information (ePHI), which is any individually identifiable health information in electronic format. It has 18 safeguards standards, each of which is mandatory, along with 36 implementation specifications. Professor Daniel Solove created this 6-page checklist of the HIPAA Security Rule’s standards and specifications to help summarize them in a user-friendly manner. This checklist covers the HIPAA Administrative Safeguards, HIPAA Physical Safeguards, and HIPAA Technical Safeguards.
Cartoon: Devils of Data Security – A cartoon about data security — a twist on the angel on one shoulder and devil on the other.
Cartoon: Dark Web – A cartoon by Professor Solove about passwords on the Dark Web.
The Funniest Hacker Stock Photos – Professor Daniel Solove shares some of the stock photos he discovered some that are so absurdly funny that they are true classics and that he felt deserved to be celebrated in a hall of fame.
The Funniest Hacker Stock Photos 2.0 – Daniel Solove shares another round of the funniest hacker stock photos that he found when looking for training photos.
The Funniest Hacker Stock Photos 3.0 – Daniel Solove shares a third round of the funniest hacker stock photos that he found when looking for training photos.
The Funniest Hacker Stock Photos 4.0 – Daniel Solove shares a fourth round of the funniest hacker stock photos that he found when looking for training photos.
Security Media and Fiction
5 Great TV Series About Privacy and Security – In this post, Daniel Solove examines television shows that focus on privacy and security issues.
6 Great Films About Privacy and Security – Professor Solove shares 6 of his favorite films about privacy and security topics.
5 Great Novels About Privacy and Security – In this blog post, Professor Daniel Solove shares that he is a lover of literature (he taught a class in law and literature), and he also loves privacy and security, so he thought he’d list some of his favorite novels about privacy and security.
About Professor Solove and TeachPrivacy
Professor Daniel J. Solove is a law professor at George Washington University Law School and the leading expert on privacy and data security law. He has taught privacy law every year since 2000, has published 10 books and more than 50 articles, including the leading textbook on information privacy law and a short guidebook on the subject. His LinkedIn blog has more than 1 million followers. Click here for more information about Professor Solove.
TeachPrivacy provides HIPAA training, privacy awareness training, information security awareness training, phishing training, FERPA training, PCI training, as well as training on many other privacy and security topics. TeachPrivacy was founded by Professor Solove, who is deeply involved in the creation of all training programs because he believes that training works best when made by subject-matter experts and by people with extensive teaching experience.
Please Contact Us If You Are Interested In
Privacy or Security Training
We can provide you with a login so you can evaluate the programs. Click here for our catalog.