#SPEC5. Top Down Management Approach To Information Security

Top Down Management Approach To Information Security
Presented by: Beth Chiaiese, Foley & Lardner LLP; Eric Maher, Foley & Lardner LLP; Jamie Herman, Ropes & Gray LLP; Robert Weaver, Blank Rome LLP
#SPEC5

Presenters:
- Beth Chiaiese, Director, Professional Responsibility & Compliance, Foley & Lardner LLP
- Rob Weaver, Director, Information Security, Blank Rome LLP
- Jamie Herman, Manager, Information Security, Ropes & Gray LLP
- Eric Maher, Manager, Information Security, Foley & Lardner LLP

Thank you for being here today. August 19, 2014

Program Goals
Here's what we hope to do today:
- Give you three different road maps of how to get executive buy-in to make information security a priority
- Use Foley & Lardner as the case study
- Other panelists from Ropes & Gray and Blank Rome will provide counterpoint
- Lots of time for audience input and questions

Polling Question #1
Use the ILTA mobile app or http://ilta.cnf.io with session code 319.
POLL: Where does Information Security report in your firm?
- General Counsel
- Information Technology
- Compliance / Risk Management
- Other

First - Why Now?
The time is ripe to focus management's attention on Information Security. The pressures on the firm are all growing: more regulation, more external risk, more internal risk, more client pressure, more data dispersion, more cost pressure and more productivity issues.

Polling Question #2
Use the ILTA mobile app or http://ilta.cnf.io with session code 319.
POLL: How supportive is your firm's management of Information Security?
- Very
- Somewhat
- Slightly
- Not at all

The Foley Case Study
How Foley & Lardner is making Information Security the centerpiece of its Information Governance program.

Foley:
- Who are we?
- What is Information Governance?
- Is IG a Department or a Function?
- IG v. IT?
- Security as a risk management model
- Executive support for IG and security
- Managing change

Blank Rome and Ropes & Gray (as we talk, panelists will each describe their firms' approach to these issues):
- Why IT and the business should see eye to eye
- Lifecycle, lifecycle, lifecycle everywhere
- Shadow IT to islands of data

Foley & Lardner LLP: Who we are and where Information Security reports
- 17 US offices and 3 international offices
- 847 attorneys (422 partners)
- 3 law departments: Litigation, Business Law, Intellectual Property
- Information Security has a dual reporting structure

Foley Information Security Reporting: Compliance AND Technology

Polling Question #3
Use the ILTA mobile app or http://ilta.cnf.io with session code 319.
POLL: How many personnel are dedicated to Information Security in your organization?
- None
- It is part of a couple of people's jobs
- 1
- 2
- 3
- 4 or more

Foley Takes an Information Governance Approach
IG is the strategy for making Information Security and Information Management part of the culture.

What is Information Governance?
"An enterprise-wide approach to the management and protection of a law firm's client and business information assets. An effective IG Program enables lawyers to meet their professional responsibilities regarding client information, recognizes an expanding set of regulatory and privacy requirements that apply to firm and client information, and relies upon a culture of participation and collaboration within the entire firm." - Iron Mountain Law Firm Information Management Symposium (2012)

IG Is Principle-Based
Foley developed 10 Guiding IG Principles. Information Security is at the top.
1. Manage confidential, sensitive or Personal Information as required by law, agreement or Firm Policy
2. Understand third party access requirements
3. Respond promptly to IG Compliance notices
4. File email records regularly
5. Maintain the Firm's Official Records in electronic form, unless hard copy is required
6. Store Official Records in a FLARR (1)
7. Organize Official Records by correct client/matter number
8. Retain and destroy records as permitted by Firm Policy
9. Avoid making multiple copies of records
10. Don't handle file transfers (in or out) on your own

(1) FLARR: Foley & Lardner Approved Recordkeeping Repository

Is IG a Function or a Department?
Short answer: at Foley, it's both.
Foley's IG Department is responsible for:
- Importing and exporting information
- Document security, including ethics walls and litigation holds
- Secure retention and disposition of information
- Firm Risk Management
- Vendor Risk Management
- Information Security Infrastructure
- Client Audits

But IG Is Also a Function
IG Principles should be applied to many information management functions. They apply to both Client and Business Information, and every function sits inside a cycle of Policies, Auditing and Continuous Improvement:
- Systems
- RIM
- KM
- Access
- Business Continuity
- Security
- Firm IP
- Privacy
- Matter Life Cycle
- Matter Mobility
- Mandated Discovery
- Destruction

IG v. IT
How is Foley balancing Information Security between IG (Strategy) and IT (Operations)?

IG Strategic Goals:
- Risk Management Based
- Architectural Role in System and Network Designs
- More Formal Audit Processes
- Confidentiality and Integrity Drivers
- Security Consultants to the Firm

IT Operational Goals:
- Operationally Driven
- Project and Break/Fix Focused
- Availability Motivated

Information Security Risk Model
Foley approaches Information Security as a risk management issue. This helps focus priorities and resources, and the attention of Firm Management.
- ISO 27001 based risk management structure
- Entering year two. The first year focused on technology risks; now looking to expand to Firm Data Risk in general.
- Dealing with both successes and challenges.
- Still building the program, and hoping the move out of IT can help.

Risk Management Outside of IT
Separating risk from operations to give Firm Management an accurate picture.

Challenges in IT:
- Lack of Firm Management involvement
- Risk initiatives buried in operational tasks
- Risk projects seen as security projects

Hopes for the new IG structure:
- Risks are coming from where the Firm expects
- Separating risk from operations
- Firm Management involvement in the process
- A more mature model that clients are expecting

Polling Question #4
Use the ILTA mobile app or http://ilta.cnf.io with session code 319.
POLL: What are your firm's biggest Information Security concerns?
- External hacking
- Internal fraud
- Ethics violations
- Breach of client confidentiality
- Use of personal devices for business purposes
- Visibility into the firm's exposure to risk

Getting Management Support
The real key: top-down management support for cultural change.

Where we are now:
- Very active Information Security Committee
- The GC and the COO support our efforts
- The CEO kind of gets it, but helps us communicate
- The Professional Management team also sort of gets it
- The message hasn't penetrated the Management Committee or most lawyers and staff

Where we're going:
- Information Governance Advisory Group (Policy and Strategy)
- Executive sponsors: GC and COO
- Chaired by Director, IG
- Members include Director, Prof Resp; CIO; CFO; CHRO; CMO; key office and practice leaders
- Info Sec Committee remains (Operations)

Polling Question #5
Use the ILTA mobile app or http://ilta.cnf.io with session code 319.
POLL: How are you delivering security awareness education at your firm?
- Mandatory classroom training
- Mandatory e-training or educational videos
- Training is optional but strongly encouraged
- Distribute educational materials
- Targeted awareness (email communication) when something comes up
- Not providing any form of security awareness training

Change Management
It's all about education, training and awareness: principle-based awareness programs.

This year: Information Security Awareness Program
- Monthly theme
- Stories, articles, case studies
- SANS videos
- Presentations (ALAS plus internal)
- Hands-on training (encryption)
- Connect security to personal life
- More is better

Audience targets:
- Attorneys
- Staff
- Technology Department
- Help Desk
- Everyone

Questions
We'll now open it up for questions.

Thank You