Cloud User Experience

Below find a link to download a mind map sample pertaining to my efforts on cloud user experience considerations as per NIST recommendation.


Contact me Doug Knehr  via linked in


Case Law – USA

Class Action Pleadings:


Spokeo Supreme Court Decision – 2016 – Douglas S Knehr Esq MBA CISSP CIPM CIPP

The case was remanded back to the lower court. The lower court incorrectly focused only on particularization of injury and failed to determine whether the alleged procedural violations entail a degree of risk sufficient to meet the concreteness requirement (“de facto” that is, it must actually exist)

Class action plaintiffs must prove standing by asserting:

  1. Injury in fact
  2. Fairly traceable to challenged conduct
  3. Likely to receive favorable judicial decision

Injury in fact requires a plaintiff to show that he or she suffered “an invasion of a legally protected interest” that is “concrete and particularized” and “actual or imminent, not conjectural or hypothetical”.  While particularization considers the affect on the plaintiff in a personal and individual manner, concreteness is quite different from particularization and requires an injury to be “de facto,” that is, to actually exist. A “concrete” injury need not be a “tangible” injury. Statutory violation alone is not enough. Article III standing requires a concrete injury even in the context of a statutory violation. The violation of a procedural right granted by statute can be sufficient in some circumstances to constitute injury in fact. In this instance however the Supreme Court held that its’ decision doesn’t rule out that risk of real harm will not be enough.

In short, Courts will now look closely at both concreteness and particularization. How this plays out relative to cyber security breaches remains to be seen.


Regulation SCI (Systems Compliance and Integrity)

Regulation SCI (Systems Compliance and Integrity)

Click on the above link for a condensed view of my deep research and expertise in Regulation SCI (Systems Compliance and Integrity) covering the following areas:

types of entities
Exempt clearing agencies subject to automation review policy and plan processors
Types of SCI systems
SCI systems
Critical SCI systems
a system which supports either
Indirect SCI systems
SCI events – rule 1002
Categories of events
Even to minimus events are SCI events
Material changes in the system – rule 1003 a
Record-keeping electronic filing rules, 1005 – 1007
system hygiene
intrusion and penetration testing
Improved resilience
Maturity Goals
Internet Threat Mitigation services
detect surges in activity and DDOS efforts
Perimeter and Internal Network Protection Enhancements
hunting for threats at perimeter
hunting for threats internally
Develop Common Vulnerabilities & Exposures (“CVE”) and Common Vulnerability Scoring System (“CVSS”)
set limits tracked daily
“upper bounds” to extreme cyber scenarios beyond which a market couldn’t recover
Intelligence gathering sources
community driven sources
Government Sources
Commercial Providers
Joint Ventures
Redundant IT Infrastructure
near real-time data replication
Protection against Advanced Persistent Threat (“APT”) Attacks:
Use of implementation of a network segmentation strategy
Leverage Private Communications Networks
Main Efforts
enhanced protection of national critical infrastructure;
• improved information sharing between the public and private sectors and corresponding liability protections
• data breach notifications; and
• data privacy issues.
US Regulatory Concerns
Financial Industry Regulatory Authority (“FINRA”) also planned “sweep examinations,
Federal Financial Institutions Examination Council
EU Concerns
European Program for Critical Infrastructure Protection (“EPCIP”)
EU COmmission
Update to EU Data eprotection framework expected in 2015
obligatory Privacy Impact Assessments (“PIAs”
appointment of a Data Protection Officer
madatory breach notifications
can be used to transfer data out of the EU
national Cybersecurity Policy in 2013
National Information Security Center (“NISC”),
flash crashes
runaway trading algorithms
SIP – securities information processor

Douglas S. Knehr, Esq.,MBA, CIPM, CIPP, CISSP (Exam passed, awaiting official certification)

M: 609-635-2226

Stetson Law Alumni -JD -1999

Rutgers Graduate School of Management Alumni -MBA – 1994

CIPM -2014 – Certified Information Privacy Manager

CIPP – 2014 – Certified Information Privacy Professional

CISSP (Exam passed, awaiting official certification)