Thursday, November 15, 2012

Report from California Risk Roundtables

Last week, we held Risk Roundtable sessions in Los Angeles and San Francisco. Many thanks to Paul Hastings and Gordon & Rees for hosting. Pat Archbold, Head of IntApp’s Risk Practice Group, delivered a presentation about the risks associated with default-open document management systems.

He was joined by Adam Carlson and Matt Wolf of Carlson & Wolf, who discussed the importance of human factors in managing a coordinated information security program. Kathryn Hume, a member of the IntApp risk practice team was on hand for both events and sends this report:

  • Dan -- We held two stimulating and informative Risk Roundtable sessions this week in Los Angeles and San Francisco. Both were well attended by a mix of Risk Management and IT leaders from multiple firms.
  • In Los Angeles, discussion focused on real-world challenges of and approaches for managing internal access to sensitive documents and information. Several participants described the tension between competing demands of fostering knowledge sharing vs implementing effective security. Overall, group consensus supported the idea of adopting a hybrid approach, using business rules to grant users access to content on a need-to-know basis. Everyone agreed that the primary challenge going forward will be cultural: IT leaders are looking for ways to convince lawyers that locking down certain sensitive information will not hamper knowledge transfer, but could lead to unanticipated new developments. The team from Carlson and Wolf also underlined the importance of training and awareness to alert lawyers to covert dangers in malware like Trojan horses, spear phishing, and Ransomware.
  • In San Francisco, there was an in-depth discussion about increasing information security audits from clients in financial services, hi-tech and energy sectors, and the measures firms are forced to adopt to survive close examination. One firm mentioned that it required months of preparation to pass a recent audit conducted by a major financial institution. Discussion also touched on new ethical requirements recommended by the ABA 20/20 commission. Lawyers now have an actual ethical duty to alert clients to the risks entailed by using certain technologies, and to prevent possible unauthorized disclosure of confidential information.
  • In both session, representatives from ILTA's LegalSEC initiative were on hand to update attendees on progress towards developing industry security standards and recommended practices. A special thanks to Steven Shock, Chief Technology Officer at Irell & Manella, and Kevin Moore, Director of IT at Fenwick & West.

No comments:

Post a Comment