Charlie Platt, Director of Data Analytics for iDS, resumes his Ethical Hacker column with a piece on how reducing cyber risk can get in the way of your business – that is, if your rules lack flexibility. The best way to implement successful cyber risk programs without hurting your business, he says, is to design them to adapt to dynamic business requirements by providing an approved exception process.

It’s been a while since I’ve been on these pages. I’ve missed it and it’s good to be back. One big change is that I’m now also focused on data analytics in addition to cybersecurity. I will be heading up the Data Analytics practice at iDS and Robert Kirtley is heading up the Cybersecurity practice. Together we will be talking about how data analytics and cybersecurity go hand in hand, and how we can assist each other in achieving great results for our clients.

In light of that new focus, I’d like to tell you about a project I recently worked on for a client. While on the surface our work was focused on data, there were strong undercurrents of cybersecurity throughout the project. We were engaged to assist the client
Continue Reading

In this inaugural iCyber Solutions blog post, Robert Kirtley of iDS gives a quick overview of phishing attacks and the damage they can cause, frequency of attacks, and some common types of phishing attacks. In the second installment, he’ll concentrate primarily on how to prevent and recover from a phishing attack.
Continue Reading

An annotated review of Information Governance Insights columns from 2017

The scope of corporate counsel duties has changed rather rapidly and drastically in the past decade. As companies have quickly begun to digitalize nearly every aspect of their operations, digital information has become the lifeblood and primary asset of nearly all business, in every industry, in every sector. Whether a company makes or sells widgets, transports goods or people, facilitates markets or financial transactions, or provides services of any sort, in the past few years it has also become an information business. The volume of digital information flowing through companies has also grown exponentially in this same short period.
Continue Reading

Data migration has reached a tipping point. The vast majority of technology decision-makers (84 percent) say that their organization invested in cloud services in 2016, according to Insight’s 2017 Intelligent Technology Index report. It noted that “while only 15 percent have fully migrated their corporate application workloads to public clouds, 47 percent are more than halfway implemented in the cloud, with large and medium companies leading the way.”
Continue Reading

Article by: Charlie Platt / iDiscovery Solutions

I’ve written on this topic before, and despite the danger of sounding like a broken record, I will repeat myself: Cybersecurity is all about risk management. Many of you are likely working with your company’s chief information security officer (CISO) and security teams to help assess and control this cyberrisk. (At least I hope you are.) And one of the first things most security professionals recommend is taking an inventory of your IT assets. In fact, it’s embodied in the first Function of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework:

“The activities in the Identify Function are foundational for effective use of the Framework. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs. Examples of outcome Categories within this Function include: Asset Management; Business Environment; Governance; Risk Assessment; and Risk Management Strategy.”


Continue Reading

Interview with Scott Lefton/AccessData

Scott Lefton is a senior sales engineer at AccessData. Though he is not directly involved in conducting or supervising investigations, he spends a lot of time talking to the people who do, including chief security officers, people in HR and, of course, in-house lawyers. He listens to their “woes,” he said, and suggests software designed to help them. His remarks have been edited for length and style. 


Continue Reading