Today, cybersecurity is front and center in the legal industry, and it should be. Data breaches can cause crushing financial losses, while damage to an organization's reputation can linger for years. Lawyers no longer have the luxury of thinking of cybersecurity as a field too technical, or not sufficiently legal, to be within their purview: The New York Rules of Professional Conduct (Rule 1.1) and the equivalent in most states impose a duty of technological competence on practitioners. This article seeks to explore the gold standard in information security, ISO/IEC 27001:2013 (Second edition 2013-10-01) (hereinafter ISO 27001), and to provide attorneys and legal professionals with a foundational understanding of ISO 27001.