CONFIDENTIAL

CyberSecurity: Protecting Law Firms
April 22, 2013

© 2013 JurInnov, Ltd. All Rights Reserved

Agenda

The World Around Us

How JurInnov Helps
Recommended Service


The World Around Us


How Do You Measure Success?
Risk Management and Compliance Areas (U.S. and Global)
• Anti-money laundering (AML)
• Bribery / FCPA / UKBA
• Business ethics
• Code of business conduct
• Competition / antitrust
• Country law
• CYBERSECURITY
• Department of Transportation (logistics distribution / reverse distribution)
• Environmental
• Employment compliance (wage and hour / facility accessibility)
• Employment practices / workplace rights
• Export controls / ITAR / dual use technology / military use technology
• Food safety / labeling
• Government relations
• Import / customs
• Information protection
• Intellectual property
• Licenses and permits
• OSHA (health and safety)
• Product stewardship / product safety
• Pharmacy and health services
• Privacy
• Records and information management
• Securities law (including insider trading, Dodd Frank)
• Supply chain / conflict minerals
• Third party management
• Trade sanctions / Office of Financial Assets Control (OFAC)
• Government boycotts / Bureau of Industry and Security

Data Breaches Grow in Number and Scale
“This past year saw major hacks at:
– Zappos (24M customer accounts)
– Stratfor (private U.S. intelligence firm; 5M e-mails)
– Global Payments (1.5M credit card numbers)
– LinkedIn (6.5M passwords)
– eHarmony (1.5M passwords)
– Yahoo (0.5M passwords)
– Nationwide Mutual (1.1M customer accounts)
– Wyndham Worldwide (600K credit card numbers)

…many large organizations reported that security breaches
were caused by their own staff, most commonly through
ignorance of security practices.”
Cyber-security and Data Privacy Outlook and Review: 2013, Gibson, Dunn & Crutcher, 04/16/13

New ABA Ethics Rule: Lawyers’ Obligation
August, 2012, change to Rule 1.1 Comment, shown below in italics
Rule 1.1 Competence
A lawyer shall provide competent representation to a client. Competent
representation requires the legal knowledge, skill, thoroughness and
preparation reasonably necessary for the representation.
Comment to the Rule: Maintaining Competence
To maintain the requisite knowledge and skill, a lawyer should keep abreast
of changes in the law and its practice, including the benefits and risks
associated with relevant technology, engage in continuing study and
education and comply with all continuing legal education requirements to
which the lawyer is subject.


Additional Obligations
Rule 1.6 Confidentiality Comment 16
“…act competently to safeguard information relating to the representation of a
client against inadvertent or unauthorized disclosure by the lawyer or
other persons…”
ABA Formal Ethics Opinion 95-398
“[a] lawyer who gives a computer maintenance company access to
information in client files must make reasonable efforts to ensure that
the company has in place, or will establish, reasonable procedures to
protect the confidentiality of client information.”
2013 HIPAA Omnibus Rules
Law firms having contact with PHI must revisit policies, practices,
enforce information security controls, protect confidential info,
monitor workforce info access, track compliance

“Cyberattacks Against Law Firms Are on the Rise”
“We have seen over the last three years an increase
in the targeting of law firms.”
Trent Teyema, FBI Cyber Crimes, Washington, D.C.
National Law Journal, 04/23/12

“Law firms have incredibly
valuable and sensitive information…
the Internet just provides a whole other methodology
through which the information
can be accessed and pilfered.”
The Wall Street Journal, 06/26/12

Why Law Firms?
“The more mobility you have,
the more documents you’re sending through the Internet,
the more likely you are to be the victim of a cyber attack,
and that’s what we’re seeing at law firms.”
Mary Galligan, FBI NY Special Agent, Cyber/Special Ops
Law Technology News, 02/01/13

“…some of the most vulnerable targets are law firms, which hold so
much information of their clients and serve as “gates” to their clients.”
Laurel Bellows, ABA President
Law Practice Today, 04/13


What are Cybercriminals After?
Access to:
– Lists of confidential witnesses
– Patent applications
– Financial information
– M&A documents
– Intellectual property
– Drug study results
– Client correspondence
– Possible litigation claims

Business disruption of:
– Calendar system
– Billing system
– Website


“Improving Critical Infrastructure Cybersecurity”
Executive Order, Federal Register 13636: February 19, 2013

WASHINGTON (Reuters) - U.S. President Barack Obama on
Tuesday signed an executive order seeking better protection
of the country's critical infrastructure from cyber attacks
that are a growing concern to the economy and national
security.

Reuters, 02/12/13


President Obama: Cyber Threats
“We know hackers steal people's identities and infiltrate private e-mail.”

“We know foreign countries and companies swipe our corporate secrets.”
“Now our enemies are also seeking the ability to sabotage our power grid,
our financial institutions, and our air traffic control systems.”

U.S. President Barack Obama, State of the Union Speech, 02/12/13
Continued…


President Obama: Cyber Threats
“Cyber threat is one of the most serious economic and national security
challenges we face as a nation.”
“America's economic prosperity in the 21st century will depend on
cybersecurity.”
“We cannot look back years from now and wonder why we did nothing
in the face of real threats to our security and our economy.”
U.S. President Barack Obama, State of the Union Speech, 02/12/13


Cyberspace Policy Review Near Term Actions
What are Yours?
1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities.
2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure.
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
5. Conduct interagency-cleared legal analyses of priority cybersecurity-related issues.
6. Initiate a national awareness and education campaign to promote cybersecurity.
7. Develop an international cybersecurity policy framework and strengthen our international partnerships.
8. Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships.
9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure.
10. Build a cybersecurity-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation.

Executive Order, “Improving Critical Infrastructure Cybersecurity,” Federal Register 13636 (02/19/13)


Cybersecurity Maturity: Where are You?
Elements of Effective Cybersecurity
• Culture of Security
• Legal Requirements
• Training and Education
• Policy, Procedure and Controls
• Monitoring and Auditing
• Response and Documentation
• Information Management
• Accountability

Maturity levels
• Leading: Integrated strategies; Innovative changes; Seamless controls
• Optimizing: Effective controls; Uses process metrics; Targeted improvement
• Practicing: Defined controls; Documented standards; Consistent performance
• Developing: Likely repeatable; Some consistency; Lacks rigorous process discipline
• Ad Hoc: Informal; Reactive; Inconsistent performance

How JurInnov Helps


Cybersecurity Solutions
• Cybersecurity Survey

• Training: Cybersecurity, Breach Response and Computer Forensic
• Breach Investigation
• Incident Response Planning

• Cybersecurity Assessment / Audit
• Cybersecurity Risk Management and Strategic Planning
• Cybersecurity Policy Review and Development


Recommended Service


Where to Start: The Cybersecurity Survey
• A quick assessment of meaningful performance indicators to take the
pulse of the organization’s cybersecurity environment.

Confidence areas covered:
• Access Controls
• Business Continuity
• Application Security
• Security Governance
• Security Awareness

The Cybersecurity Survey
• Objective:
– Identify areas where the company is performing well and areas
where information security can be improved
• Scope:
– Conduct a high level security review, gain insight into the current
level of information security and develop recommendations
• Deliverable:
– Acknowledges elements that are appropriately secured
– Provides confidential recommendations and workable action items
– Priorities based on acceptable risk profile, effort and budget

Access Control Indicators
• Access Controls Checklist
• Audit Log Retention
• Firewall Firmware
• Encrypted Mobile Devices
• System Availability

Do you know everyone who has access to your systems?
How would you know if an unauthorized person accessed sensitive data?

Business Continuity Indicators
• Uninterruptible Power
• Restore Testing
• Disaster Recovery Planning
• Business Continuity Testing
• Scheduled Maintenance

Are you certain that you can recover from an unexpected loss?

Application Security Indicators
• Security Patching
• Malicious Programs
• Application Security Review
• Antivirus Software
• Virus Updates

Have your applications been tested from a security viewpoint?

Security Governance Indicators
• Configuration Management
• Incident Response
• Media Sanitation
• Documented Security Controls
• Vulnerability Mitigation

How does your management team make and implement decisions about information security?

Security Awareness Indicators
• Password Awareness
• Data Storage Awareness
• Mobile Awareness
• Software Awareness
• Email Awareness

Do your employees know and understand your security policies?
Are they disciplined in their daily behaviors?

The Approach Taken
[Process diagram] Timeline: 3-5 Weeks. Participants: Joint Team, Customer, JurInnov, Joint Team.
Activities shown:
• Kick-off the Project
• Discuss Environment and Data Requests
• Gather / Provide Data
• Customize Survey, based on Customer Specifics
• JurInnov Launches the Employee Awareness Survey
• Complete Employee Awareness Survey
• Analyze Inputs
• Prepare Recommendations
• Discuss Recommendations
• Confirm Prioritized Action Items

Deliverable:
Example, Metric Description Template
• One page per metric within each of the 5 confidence areas
• Describes the metrics used to determine risk within the area
Metrics: Access Controls Checklist, Audit Log Retention, Firewall Firmware, Encrypted Mobile Devices, System Availability

Calculation: Percentage of items indicating secure practices
Application: Provides general measurement for access control
Recommended Target: Aim to meet all controls
Data Source: Interview to complete the checklist

Deliverable:
Example, Results Template
• Describes the results for each confidence area (total 5 pages)
• The specific metrics listed depend on the results found

Rank | Metric | Risk | Highlights
1 | Average days for retaining server audit logs | Low | Disk - 60 days; Tape - 1 year
2 | Availability % of key information systems in the last 6 months | Low | 99.96%
3 | Access Controls Checklist | Low | 81%
4 | Average days to apply firmware to firewalls | High | 470
5 | Percentage of mobile devices that are properly encrypted | High | Laptops - yes; Blackberries - no

Deliverable:
Example, Recommendations Template
• Describes the recommendations for each confidence area (total 5 pages)
• The specific recommendations listed depend on the results found

No. | Recommendation | Recommended Priority | Effort Needed
1 | Encrypt Blackberries and require passwords | High | Low
2 | Update firewall firmware | High | Low
3 | Check firewall security advisories regularly | Medium | Low

Project Description
Steps
1. Launch Project
2. Collect Preliminary Information and Prepare for Interviews
3. Conduct Telephone Interviews
4. Analyze Results for Final Report
5. Present Report

Activities
• Determine interviewees and questionnaire recipients
• Schedule up to five telephone interviews
• Distribute questionnaires and employee awareness surveys
• Receive completed questionnaires
• Analyze preliminary data to prepare for interviews
• Conduct one interview for each confidence area:
  – Access Controls: Physical security staff; Server administrator(s); Datacenter administrator(s)
  – Business Continuity: Risk manager(s); Information technology staff
  – Application Security: Information technology staff; Software development staff
  – Security Governance: Management personnel; Compliance officers; Privacy officers
  – Security Awareness: Human resource staff; Compliance officers
• Analyze inputs from questionnaires, interviews and awareness surveys
• Calculate metrics and identify recommendations
• Rank recommendations by risk level (low, medium, high) and effort required (low, medium, high)
• Present project findings, recommendations, and next steps (via Webex)

Deliverables
• Interview schedule
• Inputs to information security analysis
• Customized interview questions based on preliminary data
• Survey findings and recommendations
• Communicated survey findings and recommended action items

PRICE: $6,000

Next Steps

1. Determine and complete changes to standard project plan,
as needed
2. Determine and complete additional proposal documentation,
as needed

Contact Information
Timothy M. Opsitnick, Esq.
Founder and General Counsel
tmo@jurinnov.com
216-664-0900

Eric A. Vanderburg, MBA, CISSP
Director, Cybersecurity and Information Systems
eav@jurinnov.com
216-664-1100

 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technologyEric Vanderburg
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEric Vanderburg
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challengesEric Vanderburg
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: RoboticsEric Vanderburg
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercisesEric Vanderburg
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsEric Vanderburg
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgEric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgEric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgEric Vanderburg
 

Más de Eric Vanderburg (20)

GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT SymposiumGDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
 
Modern Security the way Equifax Should Have
Modern Security the way Equifax Should HaveModern Security the way Equifax Should Have
Modern Security the way Equifax Should Have
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric VanderburgCybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Mobile Forensics and Cybersecurity
Mobile Forensics and CybersecurityMobile Forensics and Cybersecurity
Mobile Forensics and Cybersecurity
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Ransomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware ThreatRansomware: 2016's Greatest Malware Threat
Ransomware: 2016's Greatest Malware Threat
 
Emerging Technologies: Japan’s Position
Emerging Technologies: Japan’s PositionEmerging Technologies: Japan’s Position
Emerging Technologies: Japan’s Position
 
Principles of technology management
Principles of technology managementPrinciples of technology management
Principles of technology management
 
Japanese railway technology
Japanese railway technologyJapanese railway technology
Japanese railway technology
 
Evaluating japanese technological competitiveness
Evaluating japanese technological competitivenessEvaluating japanese technological competitiveness
Evaluating japanese technological competitiveness
 
Japanese current and future technology management challenges
Japanese current and future technology management challengesJapanese current and future technology management challenges
Japanese current and future technology management challenges
 
Technology management in Japan: Robotics
Technology management in Japan: RoboticsTechnology management in Japan: Robotics
Technology management in Japan: Robotics
 
Incident response table top exercises
Incident response table top exercisesIncident response table top exercises
Incident response table top exercises
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Hacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and ThreatsHacktivism: Motivations, Tactics and Threats
Hacktivism: Motivations, Tactics and Threats
 
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric VanderburgCorrect the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
 
Deconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric VanderburgDeconstructing website attacks - Eric Vanderburg
Deconstructing website attacks - Eric Vanderburg
 
Countering malware threats - Eric Vanderburg
Countering malware threats - Eric VanderburgCountering malware threats - Eric Vanderburg
Countering malware threats - Eric Vanderburg
 

Último

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Último (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

CyberSecurity: Protecting Law Firms - Vanderburg - JurInnov

  • 1. CONFIDENTIAL CyberSecurity: Protecting Law Firms April 22, 2013 © 2013 JurInnov, Ltd. All Rights Reserved
  • 2. CONFIDENTIAL Agenda The World Around Us How JurInnov Helps Recommended Service © 2013 JurInnov, Ltd. All Rights Reserved 1
  • 3. CONFIDENTIAL The World Around Us © 2013 JurInnov, Ltd. All Rights Reserved
  • 4. CONFIDENTIAL How Do You Measure Success? Risk Management and Compliance Areas (U.S. and Global) • • • • • • • • • • • • • • Anti-money laundering (AML) Bribery / FCPA / UKBA Business ethics Code of business conduct Competition / antitrust Country law CYBERSECURITY Department of Transportation (logistics distribution / reverse distribution) Environmental Employment compliance (wage and hour / facility accessibility) Employment practices / workplace rights Export controls / ITAR / dual use technology / military use technology Food safety / labeling Government relations © 2013 JurInnov, Ltd. All Rights Reserved 3 • • • • • • • • • • • • • • Import / customs Information protection Intellectual property Licenses and permits OSHA (health and safety) Product stewardship / product safety Pharmacy and health services Privacy Records and information management Securities law (including insider trading, Dodd Frank) Supply chain / conflict minerals Third party management Trade sanctions / Office of Financial Assets Control (OFAC) Government boycotts / Bureau of Industry and Security
  • 5. CONFIDENTIAL Data Breaches Grow in Number and Scale “This past year saw major hacks at: – Zappos (24M customer accounts) – Statfor (private U.S. intelligence firm; 5M e-mails) – Global Payments (1.5M credit card numbers) – LinkedIn (6.5M passwords) – eHarmony (1.5M passwords) – Yahoo (0.5M passwords) – Nationwide Mutual (1.1M customer accounts) – Wyndham Worldwide (600K credit card numbers) …many large organizations reported that security breaches were caused by their own staff, most commonly through ignorance of security practices.” Cyber-security and Data Privacy Outlook and Review: 2013, Gibson, Dunn & Crutcher, 04/16/13 © 2013 JurInnov, Ltd. All Rights Reserved 4
  • 6. CONFIDENTIAL New ABA Ethics Rule: Lawyers’ Obligation August, 2012, change to Rule 1.1 Comment, shown below in italics Rule 1.1 Competence A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation. Comment to the Rule: Maintaining Competence To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject. © 2013 JurInnov, Ltd. All Rights Reserved 5
  • 7. CONFIDENTIAL Additional Obligations Rule 1.6 Confidentiality Comment 16 “…act competently to safeguard information to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons…” ABA Formal Ethics Opinion 95-398 “[a] lawyer who gives a computer maintenance company access to information in client files must make reasonable efforts to ensure that the company has in place, or will establish, reasonable procedures to protect the confidentiality of client information.” 2013 HIPAA Omnibus Rules Law firms having contact with PHI must revisit policies, practices, enforce information security controls, protect confidential info, monitor workforce info access, track compliance © 2013 JurInnov, Ltd. All Rights Reserved 6
  • 8. CONFIDENTIAL “Cyberattacks Against Law Firms Are on the Rise” “We have seen over the last three years an increase in the targeting of law firms.” Trent Teyema, FBI Cyber Crimes, Washington, D.C. National Law Journal, 04/23/12 “Law firms have incredibly valuable and sensitive information… the Internet just provides a whole other methodology through which the information can be accessed and pilfered.” The Wall Street Journal, 06/26/12 © 2013 JurInnov, Ltd. All Rights Reserved 7
  • 9. CONFIDENTIAL Why Law Firms? “The more mobility you have, the more documents you’re sending through the Internet, the more likely you are to be the victim of a cyber attack, and that’s what we’re seeing at law firms.” Mary Galligan, FBI NY Special Agent, Cyber/Special Ops Law Technology News, 02/01/13 “…some of the most vulnerable targets are law firms, which hold so much information of their clients and serve as “gates” to their clients.” Laurel Bellows, ABA President Law Practice Today, 04/13 © 2013 JurInnov, Ltd. All Rights Reserved 8
  • 10. CONFIDENTIAL What are Cybercriminals After? Access to: – Lists of confidential witnesses – Patent applications – Financial information – M&A documents – Intellectual property – Drug study results – Client correspondence – Possible litigation claims © 2013 JurInnov, Ltd. All Rights Reserved Business disruption of: – Calendar system – Billing system – Website 9
  • 11. CONFIDENTIAL “Improving Critical Infrastructure Cybersecurity” Executive Order, Federal Register 13636: February 19, 2013 WASHINGTON (Reuters) - U.S. President Barack Obama on Tuesday signed an executive order seeking better protection of the country's critical infrastructure from cyber attacks that are a growing concern to the economy and national security. Reuters, 02/12/13 © 2013 JurInnov, Ltd. All Rights Reserved 10
  • 12. CONFIDENTIAL President Obama: Cyber Threats “We know hackers steal people's identities and infiltrate private e-mail.” “We know foreign countries and companies swipe our corporate secrets.” “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.” U.S. President Barack Obama, State of the Union Speech, 02/12/13 Continued… © 2013 JurInnov, Ltd. All Rights Reserved 11
  • 13. CONFIDENTIAL President Obama: Cyber Threats “Cyber threat is one of the most serious economic and national security challenges we face as a nation.” “America's economic prosperity in the 21st century will depend on cybersecurity.” “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.” U.S. President Barack Obama, State of the Union Speech, 02/12/13 © 2013 JurInnov, Ltd. All Rights Reserved 12
  • 14. CONFIDENTIAL Cyberspace Policy Review Near Term Actions What are Yours? 1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities. 2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. 3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics. 4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate. 5. Conduct interagency-cleared legal analyses of priority cybersecurity-related issues. 6. Initiate a national awareness and education campaign to promote cybersecurity. 7. Develop an international cybersecurity policy framework and strengthen our international partnerships. 8. Prepare a cybersecurity incident response plan and initiate a dialog to enhance public-private partnerships. 9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure. 10. Build a cybersecurity-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation. Executive Order, “Improving Critical Infrastructure Cybersecurity,” Federal Register 13636 (02/19/13) © 2013 JurInnov, Ltd. All Rights Reserved 13
  • 15. CONFIDENTIAL Cybersecurity Maturity: Where are You? Elements of Effective Cybersecurity Culture of Security Legal Requirements Training and Education Policy, Procedure and Controls Monitor and Auditing Response and Documentation Information Management Accountability Leading Optimizing Practicing Developing Ad Hoc • Defined controls • Documented standards • Consistent performance • Likely repeatable • Some consistency • Lacks rigorous process discipline • Informal • Reactive • Inconsistent performance © 2013 JurInnov, Ltd. All Rights Reserved • Effective controls • Uses process metrics • Targeted improvement 14 • Integrated strategies • Innovative changes • Seamless controls
  • 16. CONFIDENTIAL How JurInnov Helps © 2013 JurInnov, Ltd. All Rights Reserved
  • 17. CONFIDENTIAL Cybersecurity Solutions • Cybersecurity Survey • Training: Cybersecurity, Breach Response and Computer Forensic • Breach Investigation • Incident Response Planning • Cybersecurity Assessment / Audit • Cybersecurity Risk Management and Strategic Planning • Cybersecurity Policy Review and Development © 2013 JurInnov, Ltd. All Rights Reserved 16
  • 18. CONFIDENTIAL Recommended Service © 2013 JurInnov, Ltd. All Rights Reserved
  • 19. CONFIDENTIAL Where to Start: The Cybersecurity Survey • A quick assessment of meaningful performance indicators to take the pulse of the organization’s cybersecurity environment. Access Controls Business Continuity Application Security Security Governance Security Awareness © 2013 JurInnov, Ltd. All Rights Reserved 18
  • 20. CONFIDENTIAL The Cybersecurity Survey • Objective: – Identify areas where the company is performing well and areas where information security can be improved • Scope: – Conduct a high level security review, gain insight into the current level of information security and develop recommendations • Deliverable: – Acknowledges elements that are appropriately secured – Provides confidential recommendations and workable action items – Priorities based on acceptable risk profile, effort and budget © 2013 JurInnov, Ltd. All Rights Reserved 19
  • 21. CONFIDENTIAL Access Controls Business Continuity Application Security Access Control Indicators Security Governance Security Awareness Access Controls Checklist Audit Log Retention Firewall Firmware Encrypted Mobile Devices System Availability Do you know everyone who has access to your systems? How would you know if an unauthorized person accessed sensitive data? © 2013 JurInnov, Ltd. All Rights Reserved 20
  • 22. CONFIDENTIAL Access Controls Business continuity Application Security Business Continuity Indicators Security Governance Security Awareness Uninterruptible Power Restore Testing Disaster Recovery Planning Business Continuity Testing Scheduled Maintenance Are you certain that you can recover from an unexpected loss? © 2013 JurInnov, Ltd. All Rights Reserved 21
  • 23. CONFIDENTIAL Access Controls Business Continuity Application Security Application Security Indicators Security Governance Security Awareness Security Patching Malicious Programs Application Security Review Antivirus Software Virus Updates Have your applications been tested from a security viewpoint? © 2013 JurInnov, Ltd. All Rights Reserved 22
  • 24. CONFIDENTIAL Access Controls Business Continuity Application Security Security Governance Indicators Security Governance Security Awareness Configuration Management Incident Response Media Sanitation Documented Security Controls Vulnerability Mitigation How does your management team make and implement decisions about information security? © 2013 JurInnov, Ltd. All Rights Reserved 23
  • 25. CONFIDENTIAL Access Controls Business Continuity Application Security Security Awareness Indicators Security Governance Security Awareness Password Awareness Data Storage Awareness Mobile Awareness Software Awareness Email Awareness Do your employees know and understand your security policies? Are they disciplined in their daily behaviors? © 2013 JurInnov, Ltd. All Rights Reserved 24
  • 26. CONFIDENTIAL The Approach Taken 3-5 Weeks Joint Team Customer JurInnov Joint Team Kick-off the Project Complete Employee Awareness Survey Analyze Inputs Discuss Recommendations Discuss Environment and Data Requests Prepare Recommendations Gather / Provide Data Customize Survey, based on Customer Specifics JurInnov Launches the Employee Awareness Survey © 2013 JurInnov, Ltd. All Rights Reserved 25 Confirm Prioritized Action Items
  • 27. CONFIDENTIAL Deliverable: Example, Metric Description Template • One page per metric within each of the 5 confidence areas • Describes the metrics used to determine risk within the area Access Controls Checklist Audit Log Retention Firewall Firmware Encrypted Mobile Devices System Availability Calculation: Percentage of items indicating secure practices Application: Provides general measurement for access control Recommended Target: Aim to meet all controls Data Source: Interview to complete the checklist © 2013 JurInnov, Ltd. All Rights Reserved 26
  • 28. CONFIDENTIAL Deliverable: Example, Results Template • Describes the results for each confidence area (total 5 pages) • The specific metrics listed depend on the results found
      Rank | Metric | Risk | Highlights
      1 | Average days for retaining server audit logs | Low | Disk - 60 days; Tape - 1 year
      2 | Availability % of key information systems in the last 6 months | Low | 99.96%
      3 | Access Controls Checklist | Low | 81%
      4 | Average days to apply firmware to firewalls | High | 470
      5 | Percentage of mobile devices that are properly encrypted | High | Laptops - yes; Blackberries - no
      © 2013 JurInnov, Ltd. All Rights Reserved 27
  • 29. CONFIDENTIAL Deliverable: Example, Recommendations Template • Describes the recommendations for each confidence area (total 5 pages) • The specific recommendations listed depend on the results found
      No. | Recommendation | Recommended Priority | Effort Needed
      1 | Encrypt Blackberries and require passwords | High | Low
      2 | Update firewall firmware | High | Low
      3 | Check firewall security advisories regularly | Medium | Low
      © 2013 JurInnov, Ltd. All Rights Reserved 28
  • 30. CONFIDENTIAL Project Description 1 Step Launch Project 2 Collect Preliminary Information and Prepare for Interviews 3 Conduct Telephone Interviews 4 Analyze Results for Final Report 5 Present Report Activities Determine interviewees and questionnaire recipients Schedule up to five telephone interviews Distribute questionnaires and employee awareness surveys Receive completed questionnaires Analyze preliminary data to prepare for interviews Deliverables Interview schedule Conduct one interview for each confidence area: Access Controls: o Physical security staff o Server administrator(s) o Datacenter administrator(s) Business Continuity: o Risk manager(s) o Information technology staff Application Security: o Information technology staff o Software development staff Security Governance: o Management personnel o Compliance officers o Privacy officers Security Awareness: o Human resource staff o Compliance officers Analyze inputs from questionnaires , interviews and awareness surveys Calculate metrics and identify recommendations Rank recommendations by risk level (low, medium, high) and effort required (low, medium, high) Present project findings, recommendations, and next steps (via Webex) Inputs to information security analysis Customized interview questions based on preliminary data Survey findings and recommendations Communicated survey findings and recommended action items PRICE: $6,000 © 2013 JurInnov, Ltd. All Rights Reserved 29
  • 31. CONFIDENTIAL Next Steps 1. Determine and complete changes to standard project plan, as needed 2. Determine and complete additional proposal documentation, as needed © 2013 JurInnov, Ltd. All Rights Reserved 30
  • 32. CONFIDENTIAL Cybersecurity Solutions • Cybersecurity Survey • Training: Cybersecurity, Breach Response and Computer Forensic • Breach Investigation • Incident Response Planning • Cybersecurity Assessment / Audit • Cybersecurity Risk Management and Strategic Planning • Cybersecurity Policy Review and Development © 2013 JurInnov, Ltd. All Rights Reserved 31
  • 33. CONFIDENTIAL Contact Information Timothy M. Opsitnick, Esq. Founder and General Counsel tmo@jurinnov.com 216-664-0900 Eric A. Vanderburg, MBA, CISSP Director, Cybersecurity and Information Systems eav@jurinnov.com 216-664-1100 © 2013 JurInnov, Ltd. All Rights Reserved 32
  • 34. CONFIDENTIAL CyberSecurity: Protecting Law Firms April 22, 2013 © 2013 JurInnov, Ltd. All Rights Reserved
