Notes taken during presentations made at the 2011 Advanced E-Discovery Institute, held at the Ritz Carlton hotel, Washington D.C., November 17-18 2011.
Posted by Matt on November 17, 2011
Posted in Uncategorized
Posted by Matt on December 17, 2010
Posted in Information Security
Posted by Matt on December 16, 2010
This past week I’ve had the privilege of attending one of the nation’s best training events dealing with information security and legal issues. See my review here.
Posted in Information Security
Posted by Matt on December 16, 2010
There are some forms of malware circulating that infect the persistent memory on graphics processing cards (GPUs), network interface cards and any other hardware component that contains its own memory distinct from the computer’s RAM. This means that you cannot remove the malware simply by reinstalling your operating system after formatting your hard drive, because the malware is located in the memory of one of your hardware components. The difficulty in removing the malware from these locations may just mean you’re better off throwing the computer out and buying a new one! This has been the case for some organizations that have been infected by these types of malware. So much for not hurting the hardware.
http://www.vizworld.com/2010/09/gpuassisted-malware/
Discovered: http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/
Posted in Information Security
Posted by Matt on November 18, 2010
See my notes covering the below topics, here: 2010 Georgetown Advanced E-Discovery Institute (Nov. 18-19, 2010)
Case Law Update
International E-Discovery
RULE 502: Inadvertent Waiver
Proportionality: Is It Real or a Paper Tiger? Kevin F. Brady, Conor R. Crowley, Joseph P. Guglielmo, Hon. Andrew J. Peck, Hon. Joseph R. Slights, III.
The Sedona Conference published the Principles of Proportionality in October 2010.
The Business of E-Discovery
Major themes and lessons learned in the session:
1- The “problems” of disappointing IT solutions for e-discovery are no different from the general pitfalls of IT providing solutions for general business problems. Good old-fashioned IT project management, requirements gathering, and integration of business process (in this case, legal processes) expertise in the delivery of technology.
2- Legal now has a place at the table in GRC and information governance. Chief Compliance Officers are now able to have budgets dedicated to managing the information risks of their organizations.
Not Just EU Privacy: A Global View on International E-Discovery
Early Evidence Assessment & Strategies for Search, Retrieval & Review (Early Case Assessment)
2010: A Sanctions Odyssey
Craig Ball, Database Discovery.
Cloud Computing; Dan Regard, Tanya Forsheit, Hon. Francis Allegra, Theresa Beaumont
Posted in eDiscovery
Posted by Matt on October 4, 2010
Posted in Information Security
Posted by Matt on April 22, 2010
Posted in Information Security, Risk Assessment, Risk Management & Compliance
Posted by Matt on April 22, 2010
Author and attorney Julie Tower-Pierce contributed a short article to the April 2010 issue of Information Security magazine that encourages IT personnel to provide insight and clarity on cloud computing to corporate counsel. Corporate counsel are rightly concerned about a variety of data protection risks stemming from the use of third-party computing services. Tower-Pierce writes, “By using straightforward, practical explanations and real-world analogies/examples, minus excessive technicalities when possible, you can impart a firm understanding of the mechanics of cloud computing and help lawyers gain perspective.”
I have no qualms about this approach whatsoever. The challenge is getting the two sides to even have the conversation. Most likely, the conversation would originate during a company’s vendor (third-party) assessment process. This is the most frequent interaction between in-house counsel and information security or other risk assessors. The contractual relationship is often hammered out simultaneously with the IT controls assessment.
Another opportune time to have the conversation is during a corporate risk committee or IT governance steering committee meeting. These meetings take on a variety of shapes, names and participants, but whatever the risk management authority looks like, it should incorporate discussions on emerging topics such as cloud computing.
A third opportunity to have such discussions would be to invite legal to participate in the development of a cloud computing security policy, a part of a firm’s overall information security policy framework.
Posted in Controls, Information Security, Risk Assessment
Posted by Matt on April 12, 2010
Here’s a link to a short article describing the new ISO 31000:2009 standard, purportedly a generic risk management process guide that is industry agnostic.
Posted in Risk Management & Compliance, Standards & Frameworks
Posted by Matt on March 28, 2010
Posted in Information Security