On June 16, Avi Gesser, Stephanie Cipolla, and special guests Art Ehuan from Crypsis and Ed Cabrera from Trend Micro discussed the hallmarks of a reasonable corporate cybersecurity program for the purposes of defending litigation or responding to regulatory inquiries, including:

  • Technical controls (MFA, access rights, encryption, network segmentation, endpoint detection, etc.)
  • Administrative controls (policies, procedures, training, resources, vendor management, etc.)
  • Governance (management and board oversight)
  • Resilience (incident response, tabletops, logging, documentation, lessons learned, threat sharing, etc.)

Here is the link to the Webcast: Debevoise Data Strategy & Security Webcast on Reasonable Security

To subscribe to the Data Blog, please click here.


Avi Gesser is Co-Chair of the Debevoise Data Strategy & Security Group. His practice focuses on advising major companies on a wide range of cybersecurity, privacy and artificial intelligence matters. He can be reached at agesser@debevoise.com.


Stephanie Cipolla is an associate in Debevoise's Litigation Department who is a member of the Debevoise Data Strategy & Security practice. She can be reached at smcipolla@debevoise.com.