Securing the Law Firm Myth vs. Reality vs. Practicality:

Presentation transcript:

Securing the Law Firm
Myth vs. Reality vs. Practicality: Reconciling standards and regulation with the business critical processes of a global Law Firm
Tim Collinson, Information Security Manager

Disaster!

Challenge to reconcile Myth, Reality & Practicality
Regulation; Standards
Reality: Move to 'Martini' Lawyers; Mobile and Flexible (time, location, device); Threats - Intentional & Accidental
Practicality: Flexibility vs. Confidentiality; Security is great unless…; Staying close to Risk & Compliance

Addressing the challenge
Current situation: Mobility, portability, cloud; Confidentiality & sensitivity; Client expectation; Product proliferation
Making Progress: Aligning to Firm's Strategy; Ethos change: Security not just part of IT; Information Security Programme

Information Security Programme
Message to Clients: To demonstrate we are properly managing an increasingly complex and critical area of risk.
Message to Partners: Assurance that our security needs are being met in line with best practice.
Message to the Firm: Process for agreed change in the context of proper governance.

Securing the Law Firm: "agreed change in the context of proper governance"

Behavioural change
Risk Appetite: Always some risk; Firm makes decision on handling risk; Software Policy
Taking Responsibility: Individuals taking responsibility for their actions; Awareness training; Encrypted USB stick?

10 Tips… Senior Management Speak their language Being an Enabler e.g. policy wording Risk Based Approach Asset Management Know what's out there Audit Logging and alerting

…10 Tips User & Admin Accounts Malware Defence Data Recovery Assessment Patching Penetration Testing Cyber Incident Management Plan for when, not if… Breaches have to be recorded

What would you do?

Thank you

Tim.Collinson@twobirds.com

Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number 0C340318 and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses and has offices in the locations listed on our web site: twobirds.com. The word “partner” is used to refer to a member of Bird & Bird LLP or an employee or consultant, or to a partner, member, director, employee or consultant in any of its affiliated and associated businesses, who is a lawyer with equivalent standing and qualifications. A list of members of Bird & Bird LLP, and of any non-members who are designated as partners and of their respective professional qualifications, is open to inspection at the above address.