Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cybersecurity compliance for attorneys

Published byΖένα Τρύφαινα Γιαννόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "Cybersecurity compliance for attorneys"— Presentation transcript:

1 Cybersecurity compliance for attorneys
Steven M. Bucher

2 Cybersecurity Readiness
Data and information systems under your control Likely threats and vulnerabilities Legal landscape Information security standards for the legal profession Event response and loss mitigation

3 What is information security and why is it important?
Data Information systems Internet privacy Why is it Important? High risk: Intentional attacks, unintentional disclosures, non-tech disasters, etc. Lawyers are target rich information pools Cyber events can cause considerable loss

4 What’s at stake? Loss of data
Hardware, software, and network integrity Business interruption Loss of future business Harm to reputation Legal exposure

5 Legal Landscape Federal laws State laws Industry standards
International laws Guidance on best practices

6 Legal profession and information security
Rules of Professional Responsibility: ABA versus Louisiana ABA Formal Opinion 477R Competence, Rule 1.1 Confidentiality, Rule 1.6 Communication, Rule 1.4 Supervisory duties, Rules

7 Securing client information and work product
Keep abreast of the changes, laws, benefits, and risks of technology Make reasonable efforts to avoid unauthorized access or disclosure of client information “Reasonable efforts” are generally sufficient “Special security precautions” are necessary in some circumstances Address information security with clients and third parties Implement periodic employee training

8 Institutional considerations
Security by design - stick to the basics Know what you have, where you have it, what laws apply to it, and when/how it should be disposed Make reasonable efforts to impose preventive measures Business continuity and breach response Vendor management Cybersecurity insurance Revise internal policy annually or as circumstances change

9 Takeaways Every company has a responsibility to manage its cyber risk
Keep informed about the technology you use in your practice and whether it is consistent with your professional obligations Assess what you have, where it is located, and who has access to it Assess your vulnerabilities and prepare a WISP Have an incident response plan Train your employees Manage your vendors Continually evaluate and update your security policies

Download ppt "Cybersecurity compliance for attorneys"

Similar presentations

OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
TECHNOLOGY & ETHICS Association of Corporate Counsel © 2014 1.

TECHNOLOGY & ETHICS Association of Corporate Counsel ©
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
3rd Party Risk Categorization Process

3rd Party Risk Categorization Process
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
Consultancy.

Consultancy.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Chapter 11: Policies and Procedures

Chapter 11: Policies and Procedures
Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:

Topic: Information Security Risk Management Framework: China Aerospace Systems Engineering Corporation (Case Study) Supervisor: Dr. Raymond Choo Student:
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:

ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
IT Professionalism Ethics Modified by Andrew Poon.

IT Professionalism Ethics Modified by Andrew Poon.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Information Systems, Security, and e-Commerce* ACCT7320, Controllership C. Bailey *Ch. 43-46 in Controllership : The Work of the Managerial Accountant,

Information Systems, Security, and e-Commerce* ACCT7320, Controllership C. Bailey *Ch in Controllership : The Work of the Managerial Accountant,
Chapter 11: Policies and Procedures Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 11: Policies and Procedures Security+ Guide to Network Security Fundamentals Second Edition.
Carlsmith Ball LLP Cyber Issues For Lawyers Deborah Bjes October 22 nd, 2015.

Carlsmith Ball LLP Cyber Issues For Lawyers Deborah Bjes October 22 nd, 2015.
Internal Audit Considerations for Cybersecurity Risks Posed by Vendors October 27-28 th, 2015 Chicago IIA Chapter’s 2 nd Annual IIA Chicago IT Hacking.

Internal Audit Considerations for Cybersecurity Risks Posed by Vendors October th, 2015 Chicago IIA Chapter’s 2 nd Annual IIA Chicago IT Hacking.

Similar presentations

Ads by Google