SlideShare ist ein Scribd-Unternehmen logo

The risk landscape dave cunningham quoted sep 2008

David Cunningham
David Cunningham
BusinessTechnologie
1 von 4
Downloaden Sie, um offline zu lesen
The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 1 of 4 Search M em bers Vendors Publcat ons i i M eet ngs i Archi ves Recordi ngs Servi ces Aw ards login E-Mail Print the risk landscape apply hom e archi ves peer t peer archi o ves novem ber 2008 - ri m anagem ent sk t ri l he sk andscape register network At ILTA's annual conference, the Risk Management Peer Group Track offered several informative and well attended panel discussions about the new and growing challenges in legal IT security. Our volunteer panelists shared their thoughts on the current state of security, sponsor risk and conflicts management, and they offered valuable and insightful predictions for firms to consider as they manage risk in the context of new technologies and a changing economy. volunteer We are grateful that many of these panelists were willing to put down some of their thoughts on these questions, and we present their answers to you here. We think their answers to our seven questions will help firms form or fine-tune their risk strategies and enable them Am I a member? to grow more confidently. The respondents in this article are: Browse the member listing... • Richard Patterson, Director of Security, Sidley Austin, 1,800 attorneys • Kevin R. Davidson, Director of Information Security, Stinson Morrison Hecker LLP, 325 attorneys • Andy Jurczyk, CIO, Sonnenschein Nath & Rosenthal LLP, 550 attorneys • Jim Soenksen, CEO, Pivot Group, LLC, an information security audit and assessment firm • David Cunningham, Managing Director, Baker Robbins & Company, an independent technology consulting firm dedicated to developing and implementing innovative solutions • Dan Safran, Executive Vice President, Project Leadership Associates, a business and technology consulting firm focusing on the legal market What do you think are the three biggest risks facing law firms today? Patterson: The three things I think are the biggest risks are the lack of an operational risk management role, data leakage - which is to say there's too much client information leaving firm's on too many forms of media and technology - and physical security and IT security at trial sites and with contract attorneys. Davidson: I think the three biggest risks include a general lack of security awareness by attorneys and staff; myriad locations of confidential information (Have we performed an EDD on ourselves lately?); and the Internet. Access to the Internet is no longer restricted to computers that are safely behind a firewall; plus there are the social aspects of various Web 2.0 applications. Jurczyk: I can list the three biggest risks. First, there's the evolving technical risk landscape. Over the past few years we've seen technical attack vectors move from the network layer up to the application layer. This evolution magnifies the risk because these application-layer attacks can be used to steal information (e.g., corporate espionage, state-sponsored espionage, etc.) and have a direct link to productivity. Second, there are the recent changes and global differences in the rules and regulations surrounding information handling. These range from privacy regulations to discovery laws and are a major source of risk to law firms given our diverse customer base. Third, it's the economy. The partnership model has its strengths and, weaknesses but, simply put, the underlying causes of this recession and the symptoms in the open market are the perfect storm for this model. This rears its ugly head in a partnership's ability to raise capital and operate in the short term, and may present long-term problems without extensive risk management efforts. Soenksen: I see the three biggest risks being vendor management, data privacy and insider threats; and by that last one, I mean attorneys leaving the firm and taking intellectual property with them or disgruntled employees sabotaging the network, as well as the general loss or leakage of data that accompanies this. Cunningham: First, financial growth and overall stability: To quote from a recent issue of The Lawyer, "Around 500 firms have been referred to the so-called intensive care units (ICU) of their banks because they are facing financial difficulties. It is understood that 21 of the United Kingdom's top 150 firms are being treated in Barclays' ICU, which is known as 'business banking support', although the bank refused to confirm this number." Second, there's malpractice, mostly via rogue lawyers who cause the firm to be sued or to lose significant business. This is not the most likely risk, but it is serious enough that general counsels in New York reported it as the risk that keeps them awake at night . . . well, at least it did before the risk described above became an issue. Third, I consider information governance a major risk. Inability to identify and control the firm's online content results in firmwide holds to address litigation, inability to match clients' retention policies, massive duplication of data, lack of clarity around the retention of new media (electronic voice mail, instant messages, etc.) and increased recovery times for lost data. Safran: The three biggest risks today are, first, complying with the revised Federal Rules on Civil Disclosure and other global/national rule sets. I realize this isn't pure security but it certainly overlaps relative to information access and overall firm risk management. Next, I think it's the challenge of staying on top of continually changing security threats in rapidly changing internal and external environments to protect the firm's intellectual and client data. And finally, it's raising management and employee awareness to fund proactive security measures and identify threats. http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011
The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 2 of 4 As many firms look toward going global, do you see their security problems growing, shrinking or staying the same and changing? Patterson: It's growing, especially if you ignore the risks that other corporations have addressed when they globalize. Davidson: It's growing, especially in complexity. Jurczyk: In the context of the risks I mentioned above, I foresee the security problems growing exponentially. Although I see many of the technical problems remaining the same, I do expect our technical security problems to grow linearly as a function of the amount of technology we use. And it's no surprise that the financial risk will grow at a non-linear rate as we look to fund larger operations. However, I see the exponential growth coming largely from changes in rules and regulations and client demands from different areas of the world. Soenksen: It's growing. Lack of control of systems in other countries, change management issues, the configuration of a network to be uniform and other considerations are increasing the complexity of security. Also, knowledge and compliance with different data privacy laws will add to the complexity. Cunningham: Almost by definition, security issues will grow and change. Electronic data interchange agreements are a fine example of security problems that few firms have yet tackled well. Safran: With complexity in growing and managing global enterprises comes a natural increase in security problems. More things and people to manage, different cultures, different values and different levels of government controls and rules based on location all contribute to the increased complexity. An example is where certain countries monitor Internet traffic or others that have stringent rules around transmission of in and outbound data . . . all of this adds complexity to privacy and security requirements. Differences in security and privacy laws as well as practice guidelines vary from country to country. Do you believe these differences are giving an advantage to local and regional firms focused in primarily one country? Patterson: Not really; the lawyers in the offices in those locations become the experts on the local regulations, you just develop internal local expertise. Davidson: Not yet. Jurczyk: I believe that non-revenue generating functions can only impact two of the three dials linked to competitive advantage: customer perceived value and cost of operations. It is my opinion that compliance with these rules and regulations in many countries is required and/or implied, therefore, it cannot impact customer perceived value. To the extent that a firm is able to demonstrate compliance with these rules and regulations at a cost less than its competitors, I believe strong risk management/security programs can contribute to a competitive advantage so long as revenues associated with serving the clientele necessitating compliance are realized. Soenksen: Maybe . . . The local attorneys in each office should or will be aware of their particular laws and educate the other partners as to what their requirements are for their jurisdiction. The issue will be whether the firms' technologies, policies, training and support infrastructure will be in place to keep the local offices competitive. Cunningham: A one-country firm would only have potential advantage with one-country clients. A firm dealing with multinational clients has to understand and address these multinational issues, not stop working across borders. Safran: They may have a slight increase in competitive advantage, but knowledge of local laws does not provide a high barrier to entry. A firm's local or regional understanding of security and privacy rules can help support local and collaborative law practices; however, my sense is that the competitive advantage of local or regional firms does not greatly differ from global firms. After all, many global firms acquire local or regional offices of other firms or lateral hires or they hire local talent with that competitive knowledge. Everyone admits the technical landscape is changing, and nobody argues the link between technology and risk. As a result of these changes, do you foresee risks increasing, decreasing or staying the same in size, scope and magnitude? Patterson: Risk will always increase as you make systems and data more widely available to people on more platforms and over new and varied mediums. Davidson: I see it increasing, as it is only more difficult to stay on top of the risk with the methods, laws, and exploits changing so quickly. Jurczyk: I believe that as new technologies are developed, released and adopted by the masses, our cumulative risk does grow; not growing is simply unavoidable in this context. However I also believe that a good risk management process can balance the incremental risk against potential value to the firm. For example, by producing more donuts, you are increasing the total calories that I can consume, thus my belt size. However, by my choosing to only eat half of the donut or better yet (and less likely) me not eating the donut, I am controlling my calories, thus belt size. These same basic rules apply to managing technical risk. Soenksen: I see it increasing; as technologies such as Web applications and software as a service become more prevalent, the risks associated with sharing confidential or private information become an increasing challenging to protect. Cunningham: Technical risks increase but in a relatively small way compared to information management and people risks. Safran: For much the same rationale in question three, I see risks increasing, mostly due to the increased complexity in firm growth, geographic expansion and increasing country rules and regulations. Technology continues to evolve and progress, which adds increased complexity to user and network environments. Integration with other rapidly advancing technology sets also causes greater risk. If you had to identify three technologies that carry with them the greatest risk, what would they be? http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011
The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 3 of 4 Patterson: VoIP, virtualization and Outlook Web Access, which is less a technology and more an application, but I had to throw it in. Davidson: Mobile devices, flash drives and WiFi. Jurczyk: First, there are the peer-to-peer technologies, including collaboration technologies such as instant messaging, that place the firm at great risk. The pressure to allow the use of these technologies in service of our clients is rising globally while, at the same time, recent studies released by the FBI suggest that these technologies are becoming a conduit for information theft by crackers, hackers and state-sponsored espionage programs. Although our options for blocking and logging use are getting better, I believe many are reactive and largely useless in the long term, and the only real solution lies in embedding security into the information which transcends corporate boundaries. Also, portal and information collaboration platforms, which represent the melding of my two top risks - the upward trend in attack targets (application layer) and the increasingly complex regulatory landscape. Without belaboring the point, I believe this melding of the technical and non-technical represents quite possibly the biggest risk facing firms today and over the next two to four years. Third, mobile devices carry a lot of risk. These devices continue to grow in storage and processing capability and are becoming required in order to practice law. This trend, coupled with the rapid integration of non-business features such as music, video and the Internet, has opened up a new dimension to the risk landscape. I believe these technologies will grow in use, will become more and more consumer- focused and will be a future attack platform of choice. Soenksen: Ubiquitous computing, meaning the use of BlackBerry devices, PDAs and iPhones outside of the confines of the traditional in -house network, is the greatest risk since these devices can contain highly sensitive information and are easily lost. Next, there are the Web-based portals; accessing highly confidential data from outside the boundaries of the law firm carries the risk of this data being compromised, either by a hacker or unauthorized party. This data can be accessed from any public computer and leave residual confidential information on the hard drive of an unauthorized computer. Or, it is accessed from home where employees do not have the same level of security found in the enterprise. If this data is then downloaded to the home computer, the risk increases. Then there's e- mail. Due to the capacity of e-mail accounts, the "smoking gun" of a lawsuit will be buried in the countless number of e-mail messages. Additionally, if the uses of Web-based e-mail such as Gmail accounts are incorrectly used by employees to conduct law firm business, the risk of this information being compromised is great, since the law firm does not have control over the Gmail servers. Cunningham: The use of e-mail has single-handedly broken down the former partner review and records management processes of firms. What used to be a letter carefully read by a partner before it left the door is often now a casual e-mail message sent directly by a junior lawyer. Then there are remote access configurations; many are poorly or thinly configured and have password-only authentication - a hacker's dream. And then there's Google, which is used more often than any partner thinks. Safran: The three most risk-filled technologies are mobile devices, websites and mobile workers. Mobile devices lead to more local data that needs to be secured and further decentralizes where risky documents and records reside. Also, collaborative applications and websites are risky, for the same reasons as above. And the increasing number of mobile and dispersed home knowledge workers means more data records need to be protected in environments that are inherently localized, unstructured and flexible. How do you think the economy is affecting security in law firms? Patterson: As clients go under firms lose revenue streams. Plus, clients are using firms like banks; they're not paying their bills or they are very slow to pay the bills. Davidson: As our clients are affected, we become affected. Some verticals (bankruptcy, for example) are stronger. Jurczyk: The economic problems we're facing today are unprecedented in modern history - at least since technology has become mainstream. In light of these extreme circumstances, I believe all non-revenue generating activities have been affected in varying degrees, which include a firm's investment in technology, accounting, marketing and security. However, after looking at our finances and reflecting on what my peers are doing, I believe the economy is having less effect on security spending (proportionally) than in other areas for two reasons. First, once security matures in an organization, capital and operating costs tend to decline sharply making it one of the least expensive areas to operating when compared to others. Second, and probably more important, you may be able to defer an upgrade one more year, but you can't afford to leave systems unprotected; in order to work, you must protect systems from viruses and respond to intrusions. In that respect, security is like accounting - you have to pay your bills in order to keep the lights on, just like you have to protect your organization's capacity to work. Soenksen: Law firms are feeling the effects of the recent downturn in the economy as the demand for some legal services are declining. Thus, law firms are reviewing all capital and expense items and are determining what security initiatives need to be performed this month/quarter/year or delayed until the next month/quarter/year. Cunningham: No noticeable effect seen yet. More firms are auditing IT now, so that could have a long-term effect by ensuring firms at least understand their security situation. However, this could be offset in the short-term by firms that may stop advancing the staffing and investments in security. Safran: As firms evaluate overall spending, it becomes harder to rationalize spending on information or other security measures versus investments that spur business. I am already hearing about security budgets taking a squeeze in many of our clients - and headcount reductions and freezes are having some effect. Looking into the future, do you see a convergence between security as it exists today and broader risk management (e.g., enterprise risk management)? If so, what's behind this shift? http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011
The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 4 of 4 Patterson: I think that shift would have to be clearly established in the corporate sector before law firms would follow. They have too much of a lemming mentality, and I don't see firms leading in any areas of risk management or security. Davidson: Yes, because IT is a business center, not a black box. Risk is risk. Those that limit it to IT leave huge gaps in their risk management plans Jurczyk: History is the best predictor of the future, and, assuming that trend holds, I do expect there to be a convergence of risk management functions in the short and long term. As firms look for new ways to compete, customer perception and costs become critically important and will serve as the forces driving the convergence and pushing us towards an enterprise risk management function. In light of this opinion, I see two changes occurring across the legal vertical over the next few years. I predict this function will broaden in scope over the next year or so to include physical security, investigations and forensics. This makes sense given the close relationship with these functions and IS, and thus presents an opportunity to drive costs down. With this added responsibility, it will move up organizationally and may shed some day-to-day technical responsibilities given the operational framework of the IS department. The last step I see is this function expanding to include broader operational risk management functions such as conflicts, insurance, new business intake, records and others. Although this appears at first blush a giant leap, each of these functions directly ties to either the active or passive management of operational risks. At this point, I foresee the potential for reduced day-to-day responsibilities and upward pressure on this function to include greater involvement with the practice groups, general counsel and executive director, COO, etc. I believe firms that take these steps will grow their competitive advantage over those who do not take these steps Soenksen: There will be a convergence between security and enterprise risk management. This shift will be prompted by more laws concerning security issues as more client data is stored on removable media devices, in different locations and different jurisdictions and as the remote workforce grows. Law firms need to be proactive in combating the risk associated with remote access and storage and the mobile workforce with an enterprise view of the total risk to the firm versus the traditional risk silos. Cunningham: Security will continue to evolve under a risk management umbrella, but it will stand in line behind electronic information management and business continuity to get there. Safran: We do see a shift in our larger clients that have implemented more centralized enterprise risk management structures and organizations. In some cases, these risk management functions report to the firm's general counsel or "director" of enterprise risk management. These functions are becoming increasingly responsible for information security, physical security, new business intake and file open functions, general compliance, records management or a combination thereof. About our author :: :: :: Adam Hansen, Sonnenschein Nath & Rosenthal LLP, is responsible for all information security, including setting policy, risk management, product selection and implementation, investigation and crisis management. Adam is also the president and founder of the National Security & Privacy Executive Roundtable, a user group dedicated to knowledge sharing among security professionals. Adam serves as Vice President of ILTA's Risk Management Peer Group. He can be reached at ahansen@sonnenschein.com. © 2011 International Legal Technology Association MyILTA | E-Groups | Contact Us | | | | Site Map | Terms & Conditions 9701 Brodie Lane, Suite 200 Austin, TX 78748 http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011

Empfohlen

7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-MaligecChristine Maligec, CRM-E, CRIS
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010Hongyang Wang
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
Regulation raises the risk for global subsidiaries
Regulation raises the risk for global subsidiariesRegulation raises the risk for global subsidiaries
Regulation raises the risk for global subsidiariesNair and Co.
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
dcb1203CyberNDI
dcb1203CyberNDIdcb1203CyberNDI
dcb1203CyberNDIPaul Elliott
 

Empfohlen

7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-Maligec7350_RiskWatch-Summer2015-Maligec
7350_RiskWatch-Summer2015-MaligecChristine Maligec, CRM-E, CRIS
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010Uk Security Breach Investigations Report 2010
Uk Security Breach Investigations Report 2010Hongyang Wang
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
Regulation raises the risk for global subsidiaries
Regulation raises the risk for global subsidiariesRegulation raises the risk for global subsidiaries
Regulation raises the risk for global subsidiariesNair and Co.
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
dcb1203CyberNDI
dcb1203CyberNDIdcb1203CyberNDI
dcb1203CyberNDIPaul Elliott
 
Security risk
Security riskSecurity risk
Security riskRandy Tamoria
 
Data Breach Response Guide (Whitepaper))
Data Breach Response Guide (Whitepaper))Data Breach Response Guide (Whitepaper))
Data Breach Response Guide (Whitepaper))NAFCU Services Corporation
 
Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk
 
Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman.ergo GmbH
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Mighty Guides, Inc.
 
All clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalAll clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalNicholas Cramer
 
Securing Organisations Against Cyber Threats
Securing Organisations Against Cyber ThreatsSecuring Organisations Against Cyber Threats
Securing Organisations Against Cyber ThreatsPeteAndersen
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover StoryPatrick Spencer
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Edelman Privacy Risk Index
Edelman Privacy Risk IndexEdelman Privacy Risk Index
Edelman Privacy Risk IndexEdelman Japan
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Niren Thanky
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...Doug Newdick
 
84017
8401784017
84017Steven Browne
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Garvan Australian Spectacular
Garvan Australian SpectacularGarvan Australian Spectacular
Garvan Australian SpectacularGarvan Research Foundation
 
Ala 2005 rfp best practices by dave cunningham apr 2005
Ala 2005 rfp best practices by dave cunningham apr 2005Ala 2005 rfp best practices by dave cunningham apr 2005
Ala 2005 rfp best practices by dave cunningham apr 2005David Cunningham
 
Dt for hp sales
Dt for hp salesDt for hp sales
Dt for hp saleserezpaz
 
What Your Tweets Tell Us About You, Speaker Notes
What Your Tweets Tell Us About You, Speaker NotesWhat Your Tweets Tell Us About You, Speaker Notes
What Your Tweets Tell Us About You, Speaker NotesKrisKasianovitz
 

Weitere ähnliche Inhalte

Was ist angesagt?

Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk
 
Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman.ergo GmbH
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Mighty Guides, Inc.
 
All clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalAll clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalNicholas Cramer
 
Securing Organisations Against Cyber Threats
Securing Organisations Against Cyber ThreatsSecuring Organisations Against Cyber Threats
Securing Organisations Against Cyber ThreatsPeteAndersen
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Edelman Privacy Risk Index
Edelman Privacy Risk IndexEdelman Privacy Risk Index
Edelman Privacy Risk IndexEdelman Japan
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Niren Thanky
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...Doug Newdick
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 

Was ist angesagt? (18)

Security risk
Security riskSecurity risk
Security risk
 
Data Breach Response Guide (Whitepaper))
Data Breach Response Guide (Whitepaper))Data Breach Response Guide (Whitepaper))
Data Breach Response Guide (Whitepaper))
 
Halvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber WebinarHalvorsen on Risk Cyber Webinar
Halvorsen on Risk Cyber Webinar
 
Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012Edelman Privacy Risk Index 2012
Edelman Privacy Risk Index 2012
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
Tenable: Economic, Operational and Strategic Benefits of Security Framework A...
 
All clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equalAll clear id_whitepaper__not_all_breaches_are_created_equal
All clear id_whitepaper__not_all_breaches_are_created_equal
 
Securing Organisations Against Cyber Threats
Securing Organisations Against Cyber ThreatsSecuring Organisations Against Cyber Threats
Securing Organisations Against Cyber Threats
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
Edelman Privacy Risk Index
Edelman Privacy Risk IndexEdelman Privacy Risk Index
Edelman Privacy Risk Index
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletter
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
 
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
The Long White Cloud: Addressing Privacy, Residency and Security in the Cloud...
 
84017
8401784017
84017
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 

Andere mochten auch

Ala 2005 rfp best practices by dave cunningham apr 2005
Ala 2005 rfp best practices by dave cunningham apr 2005Ala 2005 rfp best practices by dave cunningham apr 2005
Ala 2005 rfp best practices by dave cunningham apr 2005David Cunningham
 
Dt for hp sales
Dt for hp salesDt for hp sales
Dt for hp saleserezpaz
 
What Your Tweets Tell Us About You, Speaker Notes
What Your Tweets Tell Us About You, Speaker NotesWhat Your Tweets Tell Us About You, Speaker Notes
What Your Tweets Tell Us About You, Speaker NotesKrisKasianovitz
 
Law journal news it is dead article; long live it controlling costs while g...
Law journal news it is dead article; long live it controlling costs while g...Law journal news it is dead article; long live it controlling costs while g...
Law journal news it is dead article; long live it controlling costs while g...David Cunningham
 

Andere mochten auch (6)

Garvan Australian Spectacular
Garvan Australian SpectacularGarvan Australian Spectacular
Garvan Australian Spectacular
 
Ala 2005 rfp best practices by dave cunningham apr 2005
Ala 2005 rfp best practices by dave cunningham apr 2005Ala 2005 rfp best practices by dave cunningham apr 2005
Ala 2005 rfp best practices by dave cunningham apr 2005
 
Dt for hp sales
Dt for hp salesDt for hp sales
Dt for hp sales
 
What Your Tweets Tell Us About You, Speaker Notes
What Your Tweets Tell Us About You, Speaker NotesWhat Your Tweets Tell Us About You, Speaker Notes
What Your Tweets Tell Us About You, Speaker Notes
 
Hiv aids flyer english and spanish version all
Hiv aids flyer english and spanish version allHiv aids flyer english and spanish version all
Hiv aids flyer english and spanish version all
 
Law journal news it is dead article; long live it controlling costs while g...
Law journal news it is dead article; long live it controlling costs while g...Law journal news it is dead article; long live it controlling costs while g...
Law journal news it is dead article; long live it controlling costs while g...
 

Ähnlich wie The risk landscape dave cunningham quoted sep 2008

Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docxLynellBull52
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AWard Pyles
 
Tripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_SurveyTripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_SurveyMelloney Jewell
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemBernard Marr
 
Ethnosit.net
Ethnosit.netEthnosit.net
Ethnosit.netethnos
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperCMR WORLD TECH
 
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018FERMA
 
Akamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security reportAkamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security reportYuriy Yuzifovich
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessibleCharmaine Servado
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...Symantec
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
Third party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligenceThird party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligenceCharles Steve
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyTrustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyMighty Guides, Inc.
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSRandall Chase
 
LogRhythm Reducing cyber risk in the legal sector Whitepaper
LogRhythm Reducing cyber risk in the legal sector WhitepaperLogRhythm Reducing cyber risk in the legal sector Whitepaper
LogRhythm Reducing cyber risk in the legal sector WhitepaperTom Salmon
 

Ähnlich wie The risk landscape dave cunningham quoted sep 2008 (20)

Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
InfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 AInfraGard Webinar March 2016 033016 A
InfraGard Webinar March 2016 033016 A
 
Tripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_SurveyTripwire_UK_Executive_Cybersecurity_Literacy_Survey
Tripwire_UK_Executive_Cybersecurity_Literacy_Survey
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Ethnosit.net
Ethnosit.netEthnosit.net
Ethnosit.net
 
OS17 Brochure
OS17 BrochureOS17 Brochure
OS17 Brochure
 
Security - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaperSecurity - intelligence - maturity-model-ciso-whitepaper
Security - intelligence - maturity-model-ciso-whitepaper
 
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
 
Akamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security reportAkamai 2018 Spring state of the Internet security report
Akamai 2018 Spring state of the Internet security report
 
eCrime-report-2011-accessible
eCrime-report-2011-accessibleeCrime-report-2011-accessible
eCrime-report-2011-accessible
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
Third party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligenceThird party risk management with cyber threat intelligence
Third party risk management with cyber threat intelligence
 
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response StrategyTrustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONSCybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
Cybersecurity - you are being targeted -Keyven Lewis, CMIT SOLUTIONS
 
LogRhythm Reducing cyber risk in the legal sector Whitepaper
LogRhythm Reducing cyber risk in the legal sector WhitepaperLogRhythm Reducing cyber risk in the legal sector Whitepaper
LogRhythm Reducing cyber risk in the legal sector Whitepaper
 

Mehr von David Cunningham

The business of data analytics and business intelligence 15 nov 2016
The business of data analytics and business intelligence 15 nov 2016The business of data analytics and business intelligence 15 nov 2016
The business of data analytics and business intelligence 15 nov 2016David Cunningham
 
CLOC Legal Project Management and Simple RFPs
CLOC Legal Project Management and Simple RFPsCLOC Legal Project Management and Simple RFPs
CLOC Legal Project Management and Simple RFPsDavid Cunningham
 
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015David Cunningham
 
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005David Cunningham
 
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...David Cunningham
 
Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...David Cunningham
 
Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007David Cunningham
 
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...David Cunningham
 
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...David Cunningham
 
Ilta 2009 law firm risk management can it grow profitability - panel member...
Ilta 2009 law firm risk management can it grow profitability - panel member...Ilta 2009 law firm risk management can it grow profitability - panel member...
Ilta 2009 law firm risk management can it grow profitability - panel member...David Cunningham
 
Out with the old it in with the new by david cunningham - sep 2009
Out with the old it in with the new by david cunningham - sep 2009Out with the old it in with the new by david cunningham - sep 2009
Out with the old it in with the new by david cunningham - sep 2009David Cunningham
 
Managing partner retreat using technology to streamline the practice of law...
Managing partner retreat using technology to streamline the practice of law...Managing partner retreat using technology to streamline the practice of law...
Managing partner retreat using technology to streamline the practice of law...David Cunningham
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamRisk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamDavid Cunningham
 
Risk management for law firms chapter 2 ark 2009 by meg block
Risk management for law firms chapter 2 ark 2009 by meg blockRisk management for law firms chapter 2 ark 2009 by meg block
Risk management for law firms chapter 2 ark 2009 by meg blockDavid Cunningham
 
Trends shaping the future of legal risk management by dave cunningham and m...
Trends shaping the future of legal risk management by dave cunningham and m...Trends shaping the future of legal risk management by dave cunningham and m...
Trends shaping the future of legal risk management by dave cunningham and m...David Cunningham
 
Ltn 2010 02 risk glossary by dave cunningham on page 23
Ltn 2010 02 risk glossary by dave cunningham on page 23Ltn 2010 02 risk glossary by dave cunningham on page 23
Ltn 2010 02 risk glossary by dave cunningham on page 23David Cunningham
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...David Cunningham
 
It sourcing threat or opportunity by dave cunningham- feb 2004
It sourcing threat or opportunity by dave cunningham- feb 2004It sourcing threat or opportunity by dave cunningham- feb 2004
It sourcing threat or opportunity by dave cunningham- feb 2004David Cunningham
 

Mehr von David Cunningham (20)

The business of data analytics and business intelligence 15 nov 2016
The business of data analytics and business intelligence 15 nov 2016The business of data analytics and business intelligence 15 nov 2016
The business of data analytics and business intelligence 15 nov 2016
 
50 Shades of Metrics
50 Shades of Metrics50 Shades of Metrics
50 Shades of Metrics
 
CLOC Legal Project Management and Simple RFPs
CLOC Legal Project Management and Simple RFPsCLOC Legal Project Management and Simple RFPs
CLOC Legal Project Management and Simple RFPs
 
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
Iltacon cio corporate legal operations consortium (cloc) metrics aug 2015
 
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005
ALA 2005 Outsourcing - Making a Decision that Fits by Dave Cunningham Apr 2005
 
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
Ilta 2005 - Evaluating Managed Services - Benchmarks and Case Studies by Dave...
 
Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...
 
Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007Establishing a framework for it governance by dave cunningham 2007
Establishing a framework for it governance by dave cunningham 2007
 
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
Ilta 2008 challenges in demonstrating it payoff presentation by dave cunningh...
 
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...
Lit con 2009 collaborate to mitigate panel - facilitated by dave cunningham...
 
Ilta 2009 law firm risk management can it grow profitability - panel member...
Ilta 2009 law firm risk management can it grow profitability - panel member...Ilta 2009 law firm risk management can it grow profitability - panel member...
Ilta 2009 law firm risk management can it grow profitability - panel member...
 
Out with the old it in with the new by david cunningham - sep 2009
Out with the old it in with the new by david cunningham - sep 2009Out with the old it in with the new by david cunningham - sep 2009
Out with the old it in with the new by david cunningham - sep 2009
 
Managing partner retreat using technology to streamline the practice of law...
Managing partner retreat using technology to streamline the practice of law...Managing partner retreat using technology to streamline the practice of law...
Managing partner retreat using technology to streamline the practice of law...
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamRisk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
 
Risk management for law firms chapter 2 ark 2009 by meg block
Risk management for law firms chapter 2 ark 2009 by meg blockRisk management for law firms chapter 2 ark 2009 by meg block
Risk management for law firms chapter 2 ark 2009 by meg block
 
Trends shaping the future of legal risk management by dave cunningham and m...
Trends shaping the future of legal risk management by dave cunningham and m...Trends shaping the future of legal risk management by dave cunningham and m...
Trends shaping the future of legal risk management by dave cunningham and m...
 
Ltn 2010 02 risk glossary by dave cunningham on page 23
Ltn 2010 02 risk glossary by dave cunningham on page 23Ltn 2010 02 risk glossary by dave cunningham on page 23
Ltn 2010 02 risk glossary by dave cunningham on page 23
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...
 
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
Hildebrandt baker robbins presentation for coo roundtable 2010 by dave cunn...
 
It sourcing threat or opportunity by dave cunningham- feb 2004
It sourcing threat or opportunity by dave cunningham- feb 2004It sourcing threat or opportunity by dave cunningham- feb 2004
It sourcing threat or opportunity by dave cunningham- feb 2004
 

Kürzlich hochgeladen

Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesKeppelCorporation
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfKhaled Al Awadi
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024Adnet Communications
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 

Kürzlich hochgeladen (20)

Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdfNewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
NewBase 19 April 2024 Energy News issue - 1717 by Khaled Al Awadi.pdf
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
No-1 Call Girls In Goa 93193 VIP 73153 Escort service In North Goa Panaji, Ca...
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 

The risk landscape dave cunningham quoted sep 2008

  • 1. The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 1 of 4 Search M em bers Vendors Publcat ons i i M eet ngs i Archi ves Recordi ngs Servi ces Aw ards login E-Mail Print the risk landscape apply hom e archi ves peer t peer archi o ves novem ber 2008 - ri m anagem ent sk t ri l he sk andscape register network At ILTA's annual conference, the Risk Management Peer Group Track offered several informative and well attended panel discussions about the new and growing challenges in legal IT security. Our volunteer panelists shared their thoughts on the current state of security, sponsor risk and conflicts management, and they offered valuable and insightful predictions for firms to consider as they manage risk in the context of new technologies and a changing economy. volunteer We are grateful that many of these panelists were willing to put down some of their thoughts on these questions, and we present their answers to you here. We think their answers to our seven questions will help firms form or fine-tune their risk strategies and enable them Am I a member? to grow more confidently. The respondents in this article are: Browse the member listing... • Richard Patterson, Director of Security, Sidley Austin, 1,800 attorneys • Kevin R. Davidson, Director of Information Security, Stinson Morrison Hecker LLP, 325 attorneys • Andy Jurczyk, CIO, Sonnenschein Nath & Rosenthal LLP, 550 attorneys • Jim Soenksen, CEO, Pivot Group, LLC, an information security audit and assessment firm • David Cunningham, Managing Director, Baker Robbins & Company, an independent technology consulting firm dedicated to developing and implementing innovative solutions • Dan Safran, Executive Vice President, Project Leadership Associates, a business and technology consulting firm focusing on the legal market What do you think are the three biggest risks facing law firms today? Patterson: The three things I think are the biggest risks are the lack of an operational risk management role, data leakage - which is to say there's too much client information leaving firm's on too many forms of media and technology - and physical security and IT security at trial sites and with contract attorneys. Davidson: I think the three biggest risks include a general lack of security awareness by attorneys and staff; myriad locations of confidential information (Have we performed an EDD on ourselves lately?); and the Internet. Access to the Internet is no longer restricted to computers that are safely behind a firewall; plus there are the social aspects of various Web 2.0 applications. Jurczyk: I can list the three biggest risks. First, there's the evolving technical risk landscape. Over the past few years we've seen technical attack vectors move from the network layer up to the application layer. This evolution magnifies the risk because these application-layer attacks can be used to steal information (e.g., corporate espionage, state-sponsored espionage, etc.) and have a direct link to productivity. Second, there are the recent changes and global differences in the rules and regulations surrounding information handling. These range from privacy regulations to discovery laws and are a major source of risk to law firms given our diverse customer base. Third, it's the economy. The partnership model has its strengths and, weaknesses but, simply put, the underlying causes of this recession and the symptoms in the open market are the perfect storm for this model. This rears its ugly head in a partnership's ability to raise capital and operate in the short term, and may present long-term problems without extensive risk management efforts. Soenksen: I see the three biggest risks being vendor management, data privacy and insider threats; and by that last one, I mean attorneys leaving the firm and taking intellectual property with them or disgruntled employees sabotaging the network, as well as the general loss or leakage of data that accompanies this. Cunningham: First, financial growth and overall stability: To quote from a recent issue of The Lawyer, "Around 500 firms have been referred to the so-called intensive care units (ICU) of their banks because they are facing financial difficulties. It is understood that 21 of the United Kingdom's top 150 firms are being treated in Barclays' ICU, which is known as 'business banking support', although the bank refused to confirm this number." Second, there's malpractice, mostly via rogue lawyers who cause the firm to be sued or to lose significant business. This is not the most likely risk, but it is serious enough that general counsels in New York reported it as the risk that keeps them awake at night . . . well, at least it did before the risk described above became an issue. Third, I consider information governance a major risk. Inability to identify and control the firm's online content results in firmwide holds to address litigation, inability to match clients' retention policies, massive duplication of data, lack of clarity around the retention of new media (electronic voice mail, instant messages, etc.) and increased recovery times for lost data. Safran: The three biggest risks today are, first, complying with the revised Federal Rules on Civil Disclosure and other global/national rule sets. I realize this isn't pure security but it certainly overlaps relative to information access and overall firm risk management. Next, I think it's the challenge of staying on top of continually changing security threats in rapidly changing internal and external environments to protect the firm's intellectual and client data. And finally, it's raising management and employee awareness to fund proactive security measures and identify threats. http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011
  • 2. The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 2 of 4 As many firms look toward going global, do you see their security problems growing, shrinking or staying the same and changing? Patterson: It's growing, especially if you ignore the risks that other corporations have addressed when they globalize. Davidson: It's growing, especially in complexity. Jurczyk: In the context of the risks I mentioned above, I foresee the security problems growing exponentially. Although I see many of the technical problems remaining the same, I do expect our technical security problems to grow linearly as a function of the amount of technology we use. And it's no surprise that the financial risk will grow at a non-linear rate as we look to fund larger operations. However, I see the exponential growth coming largely from changes in rules and regulations and client demands from different areas of the world. Soenksen: It's growing. Lack of control of systems in other countries, change management issues, the configuration of a network to be uniform and other considerations are increasing the complexity of security. Also, knowledge and compliance with different data privacy laws will add to the complexity. Cunningham: Almost by definition, security issues will grow and change. Electronic data interchange agreements are a fine example of security problems that few firms have yet tackled well. Safran: With complexity in growing and managing global enterprises comes a natural increase in security problems. More things and people to manage, different cultures, different values and different levels of government controls and rules based on location all contribute to the increased complexity. An example is where certain countries monitor Internet traffic or others that have stringent rules around transmission of in and outbound data . . . all of this adds complexity to privacy and security requirements. Differences in security and privacy laws as well as practice guidelines vary from country to country. Do you believe these differences are giving an advantage to local and regional firms focused in primarily one country? Patterson: Not really; the lawyers in the offices in those locations become the experts on the local regulations, you just develop internal local expertise. Davidson: Not yet. Jurczyk: I believe that non-revenue generating functions can only impact two of the three dials linked to competitive advantage: customer perceived value and cost of operations. It is my opinion that compliance with these rules and regulations in many countries is required and/or implied, therefore, it cannot impact customer perceived value. To the extent that a firm is able to demonstrate compliance with these rules and regulations at a cost less than its competitors, I believe strong risk management/security programs can contribute to a competitive advantage so long as revenues associated with serving the clientele necessitating compliance are realized. Soenksen: Maybe . . . The local attorneys in each office should or will be aware of their particular laws and educate the other partners as to what their requirements are for their jurisdiction. The issue will be whether the firms' technologies, policies, training and support infrastructure will be in place to keep the local offices competitive. Cunningham: A one-country firm would only have potential advantage with one-country clients. A firm dealing with multinational clients has to understand and address these multinational issues, not stop working across borders. Safran: They may have a slight increase in competitive advantage, but knowledge of local laws does not provide a high barrier to entry. A firm's local or regional understanding of security and privacy rules can help support local and collaborative law practices; however, my sense is that the competitive advantage of local or regional firms does not greatly differ from global firms. After all, many global firms acquire local or regional offices of other firms or lateral hires or they hire local talent with that competitive knowledge. Everyone admits the technical landscape is changing, and nobody argues the link between technology and risk. As a result of these changes, do you foresee risks increasing, decreasing or staying the same in size, scope and magnitude? Patterson: Risk will always increase as you make systems and data more widely available to people on more platforms and over new and varied mediums. Davidson: I see it increasing, as it is only more difficult to stay on top of the risk with the methods, laws, and exploits changing so quickly. Jurczyk: I believe that as new technologies are developed, released and adopted by the masses, our cumulative risk does grow; not growing is simply unavoidable in this context. However I also believe that a good risk management process can balance the incremental risk against potential value to the firm. For example, by producing more donuts, you are increasing the total calories that I can consume, thus my belt size. However, by my choosing to only eat half of the donut or better yet (and less likely) me not eating the donut, I am controlling my calories, thus belt size. These same basic rules apply to managing technical risk. Soenksen: I see it increasing; as technologies such as Web applications and software as a service become more prevalent, the risks associated with sharing confidential or private information become an increasing challenging to protect. Cunningham: Technical risks increase but in a relatively small way compared to information management and people risks. Safran: For much the same rationale in question three, I see risks increasing, mostly due to the increased complexity in firm growth, geographic expansion and increasing country rules and regulations. Technology continues to evolve and progress, which adds increased complexity to user and network environments. Integration with other rapidly advancing technology sets also causes greater risk. If you had to identify three technologies that carry with them the greatest risk, what would they be? http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011
  • 3. The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 3 of 4 Patterson: VoIP, virtualization and Outlook Web Access, which is less a technology and more an application, but I had to throw it in. Davidson: Mobile devices, flash drives and WiFi. Jurczyk: First, there are the peer-to-peer technologies, including collaboration technologies such as instant messaging, that place the firm at great risk. The pressure to allow the use of these technologies in service of our clients is rising globally while, at the same time, recent studies released by the FBI suggest that these technologies are becoming a conduit for information theft by crackers, hackers and state-sponsored espionage programs. Although our options for blocking and logging use are getting better, I believe many are reactive and largely useless in the long term, and the only real solution lies in embedding security into the information which transcends corporate boundaries. Also, portal and information collaboration platforms, which represent the melding of my two top risks - the upward trend in attack targets (application layer) and the increasingly complex regulatory landscape. Without belaboring the point, I believe this melding of the technical and non-technical represents quite possibly the biggest risk facing firms today and over the next two to four years. Third, mobile devices carry a lot of risk. These devices continue to grow in storage and processing capability and are becoming required in order to practice law. This trend, coupled with the rapid integration of non-business features such as music, video and the Internet, has opened up a new dimension to the risk landscape. I believe these technologies will grow in use, will become more and more consumer- focused and will be a future attack platform of choice. Soenksen: Ubiquitous computing, meaning the use of BlackBerry devices, PDAs and iPhones outside of the confines of the traditional in -house network, is the greatest risk since these devices can contain highly sensitive information and are easily lost. Next, there are the Web-based portals; accessing highly confidential data from outside the boundaries of the law firm carries the risk of this data being compromised, either by a hacker or unauthorized party. This data can be accessed from any public computer and leave residual confidential information on the hard drive of an unauthorized computer. Or, it is accessed from home where employees do not have the same level of security found in the enterprise. If this data is then downloaded to the home computer, the risk increases. Then there's e- mail. Due to the capacity of e-mail accounts, the "smoking gun" of a lawsuit will be buried in the countless number of e-mail messages. Additionally, if the uses of Web-based e-mail such as Gmail accounts are incorrectly used by employees to conduct law firm business, the risk of this information being compromised is great, since the law firm does not have control over the Gmail servers. Cunningham: The use of e-mail has single-handedly broken down the former partner review and records management processes of firms. What used to be a letter carefully read by a partner before it left the door is often now a casual e-mail message sent directly by a junior lawyer. Then there are remote access configurations; many are poorly or thinly configured and have password-only authentication - a hacker's dream. And then there's Google, which is used more often than any partner thinks. Safran: The three most risk-filled technologies are mobile devices, websites and mobile workers. Mobile devices lead to more local data that needs to be secured and further decentralizes where risky documents and records reside. Also, collaborative applications and websites are risky, for the same reasons as above. And the increasing number of mobile and dispersed home knowledge workers means more data records need to be protected in environments that are inherently localized, unstructured and flexible. How do you think the economy is affecting security in law firms? Patterson: As clients go under firms lose revenue streams. Plus, clients are using firms like banks; they're not paying their bills or they are very slow to pay the bills. Davidson: As our clients are affected, we become affected. Some verticals (bankruptcy, for example) are stronger. Jurczyk: The economic problems we're facing today are unprecedented in modern history - at least since technology has become mainstream. In light of these extreme circumstances, I believe all non-revenue generating activities have been affected in varying degrees, which include a firm's investment in technology, accounting, marketing and security. However, after looking at our finances and reflecting on what my peers are doing, I believe the economy is having less effect on security spending (proportionally) than in other areas for two reasons. First, once security matures in an organization, capital and operating costs tend to decline sharply making it one of the least expensive areas to operating when compared to others. Second, and probably more important, you may be able to defer an upgrade one more year, but you can't afford to leave systems unprotected; in order to work, you must protect systems from viruses and respond to intrusions. In that respect, security is like accounting - you have to pay your bills in order to keep the lights on, just like you have to protect your organization's capacity to work. Soenksen: Law firms are feeling the effects of the recent downturn in the economy as the demand for some legal services are declining. Thus, law firms are reviewing all capital and expense items and are determining what security initiatives need to be performed this month/quarter/year or delayed until the next month/quarter/year. Cunningham: No noticeable effect seen yet. More firms are auditing IT now, so that could have a long-term effect by ensuring firms at least understand their security situation. However, this could be offset in the short-term by firms that may stop advancing the staffing and investments in security. Safran: As firms evaluate overall spending, it becomes harder to rationalize spending on information or other security measures versus investments that spur business. I am already hearing about security budgets taking a squeeze in many of our clients - and headcount reductions and freezes are having some effect. Looking into the future, do you see a convergence between security as it exists today and broader risk management (e.g., enterprise risk management)? If so, what's behind this shift? http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011
  • 4. The Risk Landscape - The Experts Help Your Firm Guard Against Risk Page 4 of 4 Patterson: I think that shift would have to be clearly established in the corporate sector before law firms would follow. They have too much of a lemming mentality, and I don't see firms leading in any areas of risk management or security. Davidson: Yes, because IT is a business center, not a black box. Risk is risk. Those that limit it to IT leave huge gaps in their risk management plans Jurczyk: History is the best predictor of the future, and, assuming that trend holds, I do expect there to be a convergence of risk management functions in the short and long term. As firms look for new ways to compete, customer perception and costs become critically important and will serve as the forces driving the convergence and pushing us towards an enterprise risk management function. In light of this opinion, I see two changes occurring across the legal vertical over the next few years. I predict this function will broaden in scope over the next year or so to include physical security, investigations and forensics. This makes sense given the close relationship with these functions and IS, and thus presents an opportunity to drive costs down. With this added responsibility, it will move up organizationally and may shed some day-to-day technical responsibilities given the operational framework of the IS department. The last step I see is this function expanding to include broader operational risk management functions such as conflicts, insurance, new business intake, records and others. Although this appears at first blush a giant leap, each of these functions directly ties to either the active or passive management of operational risks. At this point, I foresee the potential for reduced day-to-day responsibilities and upward pressure on this function to include greater involvement with the practice groups, general counsel and executive director, COO, etc. I believe firms that take these steps will grow their competitive advantage over those who do not take these steps Soenksen: There will be a convergence between security and enterprise risk management. This shift will be prompted by more laws concerning security issues as more client data is stored on removable media devices, in different locations and different jurisdictions and as the remote workforce grows. Law firms need to be proactive in combating the risk associated with remote access and storage and the mobile workforce with an enterprise view of the total risk to the firm versus the traditional risk silos. Cunningham: Security will continue to evolve under a risk management umbrella, but it will stand in line behind electronic information management and business continuity to get there. Safran: We do see a shift in our larger clients that have implemented more centralized enterprise risk management structures and organizations. In some cases, these risk management functions report to the firm's general counsel or "director" of enterprise risk management. These functions are becoming increasingly responsible for information security, physical security, new business intake and file open functions, general compliance, records management or a combination thereof. About our author :: :: :: Adam Hansen, Sonnenschein Nath & Rosenthal LLP, is responsible for all information security, including setting policy, risk management, product selection and implementation, investigation and crisis management. Adam is also the president and founder of the National Security & Privacy Executive Roundtable, a user group dedicated to knowledge sharing among security professionals. Adam serves as Vice President of ILTA's Risk Management Peer Group. He can be reached at ahansen@sonnenschein.com. © 2011 International Legal Technology Association MyILTA | E-Groups | Contact Us | | | | Site Map | Terms & Conditions 9701 Brodie Lane, Suite 200 Austin, TX 78748 http://www.iltanet.org/MainMenuCategory/Archives/PeertoPeerArchives/November2008/... 11/5/2011