Michael R. Overly

Opinions expressed by ICN authors are their own.

Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

The end of security as we know it

Reconciling information security and shrink-wrap agreements

Reconciling information security and shrink-wrap agreements

Addressing the security risks that come with non-negotiable shrink-wrap (or click-wrap) agreements.

Is California’s Consumer Privacy Act of 2018 going to be GDPR version 2?

Is California’s Consumer Privacy Act of 2018 going to be GDPR version 2?

Discussing the California Consumer Privacy Act of 2018, which covers businesses that collect or sell information about California residents. Some view it as the General Data Protection Regulation 2.0.

Integrating information security into the technology development process

Integrating information security into the technology development process

Ensuring vendors commit to a development environment for their products that represents best practices for assessing and testing security.

Do those stellar security obligations really provide any protection?

Do those stellar security obligations really provide any protection?

It is vital for businesses to understand limitation-of-liability clauses in vendor contracts, especially when recovering damages from a cybersecurity breach. Here is insight into these clauses, including how businesses can best draft...

Doing security policies right

Doing security policies right

To maximize the effectiveness of your business’ security policy, consider these five essential areas during the creation and deployment stages.

Think of 'insiders' when drafting and implementing security policies

Think of 'insiders' when drafting and implementing security policies

By following a few simple steps, the risk of vendor personnel using customer systems can be greatly diminished.

How to avoid security assessment cost overruns

How to avoid security assessment cost overruns

Tips on mitigating the risks posed by third-party security assessment engagements.

A checklist for avoiding cyberattacks with vendors’ tech products

A checklist for avoiding cyberattacks with vendors’ tech products

Vendors who offer products with few or none of these protections should be closely scrutinized.

Employee training remains the best first line of defense against cybersecurity breaches

Employee training remains the best first line of defense against cybersecurity breaches

Ongoing training about current and future security issues is just not on the radar screen of most companies. That has to change.

6 tips for drafting better statements of work

6 tips for drafting better statements of work

You can draft the most protective contract in the world, but if the statement of work (SOW) fails to adequately describe the deliverables, projects can fail.

What can my cloud provider do with my data?

What can my cloud provider do with my data?

Lack of specificity regarding cloud vendors' rights to use customer data presents a significant risk in the majority of cloud services agreements. This article discusses two of the most critical issues presented by this risk and...

Load More