Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing the Law Firm Myth vs. Reality vs. Practicality:

Published byMagdalene McDonald Modified over 6 years ago

Similar presentations

Presentation on theme: "Securing the Law Firm Myth vs. Reality vs. Practicality:"— Presentation transcript:

1 Securing the Law Firm Myth vs. Reality vs. Practicality:
Reconciling standards and regulation with the business critical processes of a global Law Firm Tim Collinson Information Security Manager

2 Disaster!

3 Challenge to reconcile Myth, Reality & Practicality
Regulation Standards Reality Move to 'Martini' Lawyers Mobile and Flexible (time, location, device) Threats - Intentional & Accidental Practicality Flexibility vs. Confidentiality Security is great unless…. Staying close to Risk & Compliance

4 Addressing the challenge
Current situation Mobility, portability, cloud Confidentiality & sensitivity Client expectation Product proliferation Making Progress Aligning to Firm's Strategy Ethos change: Security not just part of IT Information Security Programme

5 Information Security Programme
Message to Clients To demonstrate we are properly managing an increasingly complex and critical area of risk. Message to Partners Assurance that our security needs are being met in line with best practice. Message to the Firm Process for agreed change in the context of proper governance.

6 "agreed change in the context of proper governance"
Securing the Law Firm "agreed change in the context of proper governance"

7 Behavioural change Risk Appetite Always some risk
Firm makes decision on handling risk Software Policy Taking Responsibility Individuals taking responsibility for their actions Awareness training Encrypted USB stick ?

8 10 Tips… Senior Management Speak their language Being an Enabler
e.g. policy wording Risk Based Approach Asset Management Know what's out there Audit Logging and alerting

9 …10 Tips User & Admin Accounts Malware Defence Data Recovery
Assessment Patching Penetration Testing Cyber Incident Management Plan for when, not if… Breaches have to be recorded

10 What would you do?

11 Thank you Tim.Collinson@twobirds.com
Bird & Bird LLP is a limited liability partnership, registered in England and Wales with registered number 0C and is authorised and regulated by the Solicitors Regulation Authority. Its registered office and principal place of business is at 15 Fetter Lane, London EC4A 1JP. Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated and associated businesses and has offices in the locations listed on our web site: twobirds.com. The word “partner” is used to refer to a member of Bird & Bird LLP or an employee or consultant, or to a partner, member, director, employee or consultant in any of its affiliated and associated businesses, who is a lawyer with equivalent standing and qualifications. A list of members of Bird & Bird LLP, and of any non-members who are designated as partners and of their respective professional qualifications, is open to inspection at the above address. twobirds.com

Download ppt "Securing the Law Firm Myth vs. Reality vs. Practicality:"

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Driving change in information risk within the financial services industry Subtitle Date.

Driving change in information risk within the financial services industry Subtitle Date.
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
16 July 2011 The Business Case for Mediation (for “ICC Arbitration & Amicable Dispute Resolution – Focus on India”) Jonathan Leach, partner, Hogan Lovells.

16 July 2011 The Business Case for Mediation (for “ICC Arbitration & Amicable Dispute Resolution – Focus on India”) Jonathan Leach, partner, Hogan Lovells.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, 12.00 – 2.00 pm.

Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, – 2.00 pm.
Security Controls – What Works

Security Controls – What Works
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
OHSAS 18001: Occupational health and safety management systems - Specification Karen Lawrence.

OHSAS 18001: Occupational health and safety management systems - Specification Karen Lawrence.
Streamlining the EIA Process for Hydro Development 23 October 2012 Presented by Jennifer Ballantyne.

Streamlining the EIA Process for Hydro Development 23 October 2012 Presented by Jennifer Ballantyne.
RIBA/UKTI “Working Internationally” Mike Allan Partner Projects and Construction.

RIBA/UKTI “Working Internationally” Mike Allan Partner Projects and Construction.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.

Credit unions use social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Strategic Planning for Company Exit Legal considerations Mark Harden, Partner Thrings LLP.

Strategic Planning for Company Exit Legal considerations Mark Harden, Partner Thrings LLP.
Forum on HEI Procedures for Suitability for Social Work Legal Perspectives London House, Goodenough College Monday, 3 November 2008.

Forum on HEI Procedures for Suitability for Social Work Legal Perspectives London House, Goodenough College Monday, 3 November 2008.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.

Similar presentations

Ads by Google