Concordance Insecurity Andy Kass
Concordance Tip Sheet August 2012

Back in March, I commented on a report by Evan Koblentz in the March 7, 2012 edition of Law Technology News that a security weakness in the LexisNexis Concordance litigation support system could allow people to hijack database passwords. (See At the risk of sounding cavalier, I contended that while certainly not a good thing, this revelation was of minimal importance because, among other points, the password feature itself was barely ever used.

That was, of course, not the last word on the subject; there were some responses on various forums (some along the lines of "[W]ish I had that hack when I locked myself out of the Admin account."), and further repartee between me and Mr. Koblentz. And here's the thing that keeps it stewing: we're both right.

The Prosecution Case

Mr. Koblentz stands by his source's contention that any application flaw that might lead to illicit access to private or privileged data is a problem that must be acknowledged and addressed. It is hard to argue with that assessment after years of revelations about sophisticated cracker networks going after government, corporate and, increasingly, law firm networks. Bloomberg Businessweek just last week quoted former FBI cyber division executive assistant director Shawn Henry as saying apropos of the so-called Comment Group, "[T]his is the biggest vacuuming up of U.S. proprietary data that we've ever seen." ("Hacked," by Michael Riley and Dune Lawrence, Bloomberg Businessweek, August 6-12, 2012, pp )

So if there is a Chinese consortium out there hacking Halliburton, the European Union's public mail servers, the Immigration and Refugee Board of Canada, Wiley Rein LLP and Locke Lord LLP (source ibid.), what chances do most Concordance shops have of locking down their clients' (and their own) sensitive data?
That is a question that keeps IT directors, chief security officers, risk managers, network administrators and all manner of tech people up at night. Here are a few more of the goblins intruding upon their rest:

(a) Security makes using computers more awkward or difficult.
(b) Security is expensive (though not as expensive as failing to have proper security).
(c) Security threats are hard to understand.
(d) I have a freeware virus scanner. What more do I need?

As you might have guessed from the above, any informed push for security can face a lot of push-back. No security initiative, no matter how well conceived technically, can succeed without the explicit approval and cooperation of top-level management. And that can be a problem.

The Defense Speaks

So how can I possibly respond to this with my dignity intact? I mean, I have certifications going back to Novell, Microsoft, Citrix and Cable & Wireless data networking from a lifetime ago. Sport is still made of my complex but easy-to-remember passwords, and I still stand for giving users only the permissions required to do the job. My household is under several standing orders concerning security, under pain of loss of computer privileges. I don't take issue at all with the message of greater security standards. It is the intended audience that bears examination.

Does anyone believe that litigation support managers enjoy broad discretion in the establishment and exercise of case security? To the extent that this is a fact, it is the product of firm management embracing a disciplined security model. (Anyone who sees a double-entendre here is reading the wrong blog.)

It is an unfortunate fact that many if not most law firms (and many if not most corporations, for that matter) treat information technology as a cost center. Unless management has a vision of the firm as a technology leader and value-added vendor, processors and servers and firewalls and networks and the people who manage them are considered to be a necessary evil, to be outsourced to the greatest extent possible.
This view undercuts the specific knowledge and initiative, the institutional memory and drive to improve, of a firm's technology professionals. The techies in turn must make their case in language that leadership can understand.

The lit support manager is stuck between these two poles. Litigation support is on the operations, i.e., the billable, side of the ledger. But rather than having greater influence on security, the litigation support manager is under greater pressure to deliver. This person is already working with the litigation team, vendors, and permanent or temporary reviewers, under deadlines and through shifting priorities.

I believe that it is unreasonable to expect that, in addition to overseeing identification, collection, keyword collation and specification, processing, reviewing, quality control, and preparation for production and depositions, the litigation support manager will manage, nay, demand application-level security above the litigation team's specifications or the default settings of an internally-hosted and accessed database.

If you look at LAN-based (local) document review applications, none really offered robust security. Summation and Concordance both looked more at leveraging network login credentials to keep users to their own cases; most of the time, even this level of security was overlooked in the name of expediency.

Concordance offers an additional level of security, Logon Required, which adds a separate layer of authentication unique to the database itself; this added security layer, which is part of the database, is what was opened by the Concordance Hack. I'm happy to be challenged on this assertion, but it is my impression that this added security was used on maybe as much as 1% of all Concordance case databases. Why?

-- Separate User accounts have to be set up for each user (no Default user backstop).
-- The administrator has no control over user passwords; users can even set <blank> passwords.
-- Users often forget passwords, which cannot be reset by the administrator without knowing the original, so more work is required to delete and completely re-create the User account in the case database.
-- In a concatenated set, security must be coordinated through all databases by hand.

It is not unknown for the Administrator password to fail, rendering administration of user security settings impossible.

And, remember, this is a local area network (LAN) based application. It was designed to be used within a premises, which itself should be secured at the perimeter and regulated by local user permissions. The world has indeed moved on; the security model of Concordance (and of Summation iblaze and MS Office) really has not.

That is where LexisNexis's announcement this week of the availability of hosted Concordance Evolution is significant. In the age of the Internet, the hosted review software model is now the mainstream. As such, hosted review software is designed to provide broader and deeper access control in a client/server model, where the full arsenal of data integrity, maintenance and security tools are in play at the back end. Clients use browsers with SSL encryption to the host site. This model presupposes the presence of database, network and security administrators around the clock to meet and exceed service level thresholds. After all, hosting is their business.

This model also lifts the burden of security enforcement from the shoulders of the litigation support manager. Once the user accounts and access levels are specified and the database design completed, he or she can do the main job: supervise the trolling and production of data.

Proposed Order

So in releasing a product that meets modern standards, is LexisNexis justified in ignoring a hack on its older LAN technology? At the very least, we should expect guidance as to a prospective fix, or at least a work-around, from LexisNexis. Some suggestions as to the latter:

-- Counsel the use of Active Directory access controls and share permissions to enforce case access rules.
-- If providing remote access to a Concordance Classic database using Citrix, secure Citrix access with SecurID tokens (which have also been cracked) in high-value cases, and cycling complex passwords otherwise.
-- In Citrix, only publish the application, not a desktop.
-- Restrict command-line access to the Citrix session.
-- Block passage of .sec files across the firewall.
-- Block known script types at the firewall.
-- Make a call on whether other remote access methods (RDP, LogMeIn, WebEx Access Anywhere) provide sufficient security for Concordance Classic. This does not require endorsement, merely a disapproval of a method that does not measure up to securing Concordance data.

I'm sure that people with current InfoSec credentials could tweak or add conditions. The point is, there is something that you can do (with a little help from your IT friends) to make your stuff a little harder to get at and thus a little less appealing than that of a less diligent person.

Even if it cannot justify rewriting ancient case security code, LexisNexis needs to get out in front of this in a way that offers users a clear path and a clear choice. There are many firms that wish to continue using Concordance Classic. They don't want to see it disappear, but don't want to see their data disappear, either.

This should be seen as an opportunity for LexisNexis to connect with its application user community. The company wants to be seen as a legal technology leader. Leadership starts with standing up and stepping forward.

The views expressed in this Concordance Tip Sheet are solely the views of the author, and do not necessarily represent the opinion of U.S. Legal Support, Inc.

NEWS YOU CAN USE

Just in time for ILTA, Concordance Evolution has been released by LexisNexis as a hosted review platform. This is the summer release promised back at Legal Tech, making the review tools available to end users while the administrator tools are being refined through practical use by LexisNexis. I'll be looking at a demo in about a week, and will have more to report next month about this long awaited reimagining of Concordance...

The Concordance Tip Archive (all the way back to October 2005!) is available on our Web Site at Feel free to leave me a note, a comment, a suggestion or a Tip request.
While you're there, don't miss our Resources page, which lists the Tip Sheet Archive and our current CLE offerings ( and of course, check into all the other great things U.S. Legal Support can do for you.

-- Andy Kass
akass@uslegalsupport.com

U.S. LEGAL SUPPORT, INC.
Array Technology Group
ESI & Litigation Services
PROVIDING EXPERT SOLUTIONS FROM DISCOVERY TO VERDICT

e-discovery Document Collection & Review Litigation Management Litigation Software Training Meet & Confer Advice Court Reporting Services Record Retrieval At Trial Electronic Evidence Presentation Trial Consulting Demonstrative Graphics Courtroom & War Room Equipment Worldox Document Management Deposition & Case Management Services Document Review & Contract Staffing

Copyright 2012 U.S. Legal Support, Inc., 425 Park Avenue, New York NY (800) All rights reserved.

To update your address or unsubscribe from these mailings, please reply to this with CANCEL in the subject line.
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationTime Management & Technology For Bar Leaders 2010: Practical Tips For Success & Sanity. Our Agenda. Why Talk About Time Management & Technology?
Time Management & Technology For Bar Leaders 2010: Practical Tips For Success & Sanity John R. Maley jmaley@btlaw.com Barnes & Thornburg, LLP 2002 President, Indianapolis Bar Association 2008 Treasurer,
More informationMOVE BEYOND GPO FOR NEXT-LEVEL PRIVILEGE MANAGEMENT
MOVE BEYOND GPO FOR NEXT-LEVEL PRIVILEGE MANAGEMENT DON T USE A HAMMER MOVE BEYOND GPO FOR NEXT-LEVEL TO TURN A SCREW PRIVILEGE MANAGEMENT The first stage of privilege management Most organizations with
More informationDown Under Centre Employment Hub - Privacy Policy Introduction
Down Under Centre Employment Hub - Privacy Policy Introduction Your Privacy is of the utmost importance, we are therefore committed to safeguarding your personal information. That starts with helping you
More informationPrivacy Policy. For purposes of this Agreement, Site refers to the Company s website, which can be accessed at
Privacy Policy Michelle Freeman VA (the Company ) is committed to maintaining robust privacy protections for its users. Our Privacy Policy ( Privacy Policy ) is designed to help you understand how we collect,
More informationAdobe Security Survey
Adobe Security Survey October 2016 Edelman + Adobe INTRODUCTION Methodology Coinciding with National Cyber Security Awareness Month (NCSAM), Edelman Intelligence, on behalf of Adobe, conducted a nationally
More informationBiometrics problem or solution?
Biometrics problem or solution? Summary Biometrics are a security approach that offers great promise, but also presents users and implementers with a number of practical problems. Whilst some of these
More informationCentrify for Dropbox Deployment Guide
CENTRIFY DEPLOYMENT GUIDE Centrify for Dropbox Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as a critical component of
More informationMapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective
Mapping Your Requirements to the NIST Cybersecurity Framework Industry Perspective 1 Quest has the solutions and services to help your organization identify, protect, detect, respond and recover, better
More informationSecurity Survey Executive Summary October 2008
A government technology Executive Survey Summary: HP Security Survey Executive Summary October 2008 Produced by: In Partnership With: Introduction Information is paramount to the survival of government
More informationNT 0018 Instructions for Setting Up UoE_Secure (XP)
Academic Services Information & Computing Services Division Network Team NT 0018 Instructions for Setting Up UoE_Secure (XP) Document reference: Document type: Document status: Review period: NT0018 Network
More informationCreating a Listing Access to Listing Search Listings Contacting Users/Message Center Edit/Update Listing
Creating a Listing What is the process for creating a listing? What information is required to complete a listing? What information will be visible to other users? About how long does it take to complete
More informationINCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS AKAMAI SOLUTIONS BRIEF INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.
INCREASE APPLICATION SECURITY FOR PCI DSS VERSION 3.1 SUCCESS Protect Critical Enterprise Applications and Cardholder Information with Enterprise Application Access Scope and Audience This guide is for
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationD6.1. Project website and internal IT communication infrastructure HINT. 36 months FP7/
D6.1 Project website and internal IT communication infrastructure Project number: 317930 Project acronym: Project title: HINT Start date of the project: 1 st October, 2012 Duration: Programme: Holistic
More informationSTOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.
Intelligence-driven security STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions. BETTER INTELLIGENCE. BETTER DEFENSE. The
More informationINCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES
INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity
More informationCloud Access Manager Overview
Cloud Access Manager 8.1.3 Overview Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationSecuring Information Systems
Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value
More information