Cybersecurity compliance for attorneys

Presentation transcript:

Cybersecurity compliance for attorneys
Steven M. Bucher

Cybersecurity Readiness
- Data and information systems under your control
- Likely threats and vulnerabilities
- Legal landscape
- Information security standards for the legal profession
- Event response and loss mitigation

What is information security and why is it important?
- Data
- Information systems
- Internet privacy

Why is it important?
- High risk: intentional attacks, unintentional disclosures, non-tech disasters, etc.
- Lawyers are target-rich information pools
- Cyber events can cause considerable loss

What’s at stake?
- Loss of data
- Hardware, software, and network integrity
- Business interruption
- Loss of future business
- Harm to reputation
- Legal exposure

Legal Landscape
- Federal laws
- State laws
- Industry standards
- International laws
- Guidance on best practices

Legal profession and information security
- Rules of Professional Responsibility: ABA versus Louisiana
- ABA Formal Opinion 477R
- Competence, Rule 1.1
- Confidentiality, Rule 1.6
- Communication, Rule 1.4
- Supervisory duties, Rules 5.1 - 5.3

Securing client information and work product
- Keep abreast of the changes, laws, benefits, and risks of technology
- Make reasonable efforts to avoid unauthorized access or disclosure of client information
- “Reasonable efforts” are generally sufficient
- “Special security precautions” are necessary in some circumstances
- Address information security with clients and third parties
- Implement periodic employee training

Institutional considerations
- Security by design - stick to the basics
- Know what you have, where you have it, what laws apply to it, and when/how it should be disposed of
- Make reasonable efforts to impose preventive measures
- Business continuity and breach response
- Vendor management
- Cybersecurity insurance
- Revise internal policy annually or as circumstances change

Takeaways
- Every company has a responsibility to manage its cyber risk
- Keep informed about the technology you use in your practice and whether it is consistent with your professional obligations
- Assess what you have, where it is located, and who has access to it
- Assess your vulnerabilities and prepare a WISP
- Have an incident response plan
- Train your employees
- Manage your vendors
- Continually evaluate and update your security policies