Michael R. Overly

Opinions expressed by ICN authors are their own.

Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP, where he focuses on drafting and negotiating technology-related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

Avoiding the pitfalls of operating a honeypot

4 key vendor contracting pitfalls

Unless these 4 pitfalls are avoided, a vendor can have the absolute best security documents in the industry and still present material risk to its customers.

Why every business should consider ISO 27701 compliance for their vendors

The new standard provides a comprehensive set of controls for information security and the protection of personal information.

Business email compromise: The odds of being a victim are increasing

Given the growth over the last few years in BEC and EAC fraud, businesses should educate employees about the risks involved and red flags of this activity.

Developing an information security decision-making matrix

It is possible to create a simple, bright-line means of triaging engagements to determine whether heightened security and privacy measures should be required.

Proposed changes to California Consumer Privacy Act of 2018 could rewrite privacy law

A recently proposed repeal of 2018's CCPA called the PAA would shift California even closer to the requirements of the GDPR.

A hacker or your cloud provider. Who presents the greatest risk to your data?

The latest threat to your data may not be a hacker, but your own cloud provider, who can suspend performance and hold your data hostage.

Can owning your company’s encryption lead to better security?

While the current vendor environment clearly poses significant challenges and risks to businesses entrusting them with their data, use of encryption can, at least in many cases, materially mitigate that risk. The devil, however, is in...

The end of security as we know it

Beware of vendors who attempt to abdicate their responsibility to unnamed third-party contractors.

Reconciling information security and shrink-wrap agreements

Addressing the security risks that come with non-negotiable shrink-wrap (or click-wrap) agreements.

Is California’s Consumer Privacy Act of 2018 going to be GDPR version 2?

Discussing the California Consumer Privacy Act of 2018, which covers businesses that collect or sell information about California residents. Some view it as the General Data Protection Regulation 2.0.

Integrating information security into the technology development process

Ensuring vendors commit to a development environment for their products that represents best practices for assessing and testing security.
