As the leader of the Technical Operations ILTACON Conference Committee Team, I've had the honor of working with my awesome team members (David Alberico, David Neesen, Mike Viscito, Nadia Choptain and Tim Golden). One of our areas of focus this year is security. Apparently that's still important....
I like to use a picture of my dog Taquito to remind me of security challenges (like falling asleep in my own home). This is his "welcome to the couch" face.
But I digress. One could spend the whole week at ILTACON just going security sessions, but please don't. Here are some security sessions you should attend for a well balanced and nutritious diet of security throughout the week.
Monday, Bloody Monday, August 29th:
You're still trying to figure out how they got a mime juggler with stilts for the Opening Reception, so to relax you should go to:
The Ins and Outs of Encrypting Your Devices (11am-noon)
The sea of devices that exist in your organization contain a plethora of sensitive data. Knowing you need to protect that data is only half the battle. Regardless of the size of your organization, you'll leave with actionable options for encrypting and protecting data across a wide range of personal and firm-issued devices. Come see Matt Beland of Davis Wright, Mark Combs of Steptoe & Johnson and Brian Donato of Vorys Sater compare their real world solutions.
Preparing a Cybercrime Incident Response Plan (2:30-3:30 pm)
A panel of security experts will walk through real-life case studies and discuss the importance of pre-breach planning, execution of your response plan during an incident and post-breach steps including regulatory notification, preparation for litigation and potential SEC inquiries.
Our distinguished panel includes Don Ulsch, Sr. Managing Director, Cybercrime & Breach Response at PricewaterhouseCoopers and two of the top data security attorneys in the US, Craig Newman from Patterson Belknap and Marcus Christian from Mayer Brown. These guys really know their stuff, they've written lots of books and articles and this is going to be a great session.
Tuesday, August 30th:
In the aftermath of having viewed a Vendor Hall event costume or two with way too much showing, you decide to cleanse the palate with more amazing security sessions like:
Cost-Effective Ways To Detect and Prevent Data Loss (11am-12:30pm)
Many systems identify data leaks but are beyond the budget of small firms or staff resources. Data loss detection and prevention is becoming a strict standard in many audits. To help you prepare, we'll explore the technologies, tips and tricks of an effective data loss prevention plan.
SIEM Solutions Exposed (3:30-4:30 pm)
Ok, I think this title might have gone a bit rogue, this is not a security logging solutions expose on Dateline. Do you need a security information and event manager (SIEM)? Which solution is the right fit? Should it be in-house or hosted? Your peers are using several noteworthy SIEM systems, and they're exposing them all! Hear about the challenges and gotchas they have experienced along the way. We have some uber smart guys doing this one, Jordan Weinstein from Stroock & Stroock & Lavan, Luther Allin from Miller & Martin and Gil Danieli from Shulte, Roth & Zabel.
Wednesday, August 31st:
At this point, you've probably eaten enough to last the week, so slow down on the snacks between sessions. To burn off those calories, please attend:
Remote Users: The Walking, Talking Security Risk (9-10 am)
We all invest time and money to secure our systems, but how effective are those protections when someone is working remotely? Our panel will discuss security vulnerabilities presented by telecommuters and steps to make your remote workforce more secure. Judy Flournoy, CIO at Kelley Drye and Joseph Abrenio of Delta Risk, discuss the ins and outs of containing our brilliant timekeepers.
Risk Management Unboxed (11-12:30 pm)
Following up on last year's lauded "Risk Management in a Box" session, we will provide expanded information about tools for proactively managing risk at your firm while still keeping the lights on.
It's a Multifactor Authentication Shootout! (1:30-2:30 pm)
Yes, that's an exclamation point. Law firms and their clients are demanding we do more with security, but complex passwords and frequent password expiration are not enough. What is the answer? Multifactor solutions close the loopholes that reliance on passwords can create, but there are many options available. It's time for a mulitifactor authentication vendor shootout! Come hear about physical tokens, biometrics and cellphone solutions and where you should be using them (remote access, network access, etc.). Lisa Stone from Cornerstone.IT leads an expert panel.
Checking for Weak Links: Security Audits of Your Most Popular Platforms (3:30-4:30 pm)
Security is a top priority at law firms, and many have or are working on obtaining ISO 27001 certification. An important yet overlooked area of requirement is to ensure that vendors that have access to or process your data also have adequate security practices in place. It's time to check for weak links!
Thursday, September 1:
I have no idea how they rented out the White House for that party Wednesday night. Sure you're tired from a week of learning, but rally for one more day of amazing security fun. Here's how:
Respond Effectively to Your First Client Security Audit (11am - noon)
Client audits can be stressful, time-consuming and disruptive. We'll be providing clear and relevant advice for those just starting to receive audits and who, like many firms, do not have dedicated information security staff. Learn techniques to reduce the time, effort and stress involved in security audits while simultaneously improving the relationship between your firm and your clients. Join Judy Flournoy of Kelley Drye and Scott Christensen from Olenick & Associates as they simply the complicated.
Threat Protection for Virtual Systems (1:30-2:30 pm)
Traditional endpoint protection for bare metal servers comes with a lot of trade-offs when implemented in a virtual environment. What options are available to more efficiently protect virtual machines and their densely loaded hypervisor hosts? Come learn more about threat protection for virtual systems. Jim Nixon from Seyfarth Shaw shows you how it's done.
Can Information Rights Management and Document Management Systems Play Well Together? (2:45-4 pm)
It is often suggested that information rights management (IRM) can help with data loss prevention by securing files wherever they are. Is there an IRM solution that can play well with your document management system (DMS) and the other document repositories you have or will have? We will highlight the opportunities and challenges inherent in IRM. Join Paul Domnick, the CEO of Litera as he drills down on this important question.
Current Threat Landscapes and Protective Measures (2:45-4 pm)
Malicious hackers, nation-state cyber terrorists, hacktivistas and malcontented or curious employees all pose threats to any network. Have you implemented security best practices against some of these prevalent malefactors? An expert will explore the most active and dangerous threats to law firms in the last year and the near future.
So having achieved a high level of knowledge (and paranoia), enjoy the closing event Thursday evening knowing you've covered about every security topic known to wo(man) before you take all the great ideas from Conference home with you. And please write them down so you don't forget.
If you'd like to search the whole session list, the link for that is here.
Cheers and hope to see you in DC!
Director of Information Technology
Rodey Law Firm
2016 Conference Team Leader, Technology Operations, ILTA