Blogs

Hiring cyber security professionals to fill current vacancies is one of the toughest and most important challenges we face when trying to build out a successful cybersecurity team. A strong team with a good bond is important and that can be hard to accomplish when supply is low and demand is high. The cybersecurity market quickly evolved into a global market over the pandemic and with work from home options available the competition for limited resources is fierce. This blog will take a look at what you can do to stand out when trying to fill that vacancy and ways to think outside of the box to land that next hire. The competition for professionals is ...
Please enjoy this blog post co-authored by Dan Phelps, 3Cloud and Reggie Pool, HBR Consulting. With cloud adoption accelerating in the legal industry over the past two years, earlier this year, 3Cloud and HBR set out to speak with IT leaders in the legal industry to understand their priorities for using cloud over the next 12 months. Through these conversations, we learned that CIOs are exploring how cloud platforms like Microsoft Azure can help them secure sensitive data, meet data privacy requirements, and enable better decision-making with 360-degree views of data and improved analytics tools. While making the move to the cloud can be instrumental ...
Please enjoy this blog post authored by David Whale, Director Information Security, Fasken Martineau Dumoulin LLP. The world of cybersecurity maturity models is on par with going to your favorite buffet (pre-Covid of course) for your birthday dinner. So many options. Government based frameworks, regulatory based frameworks, development based frameworks, cloud based frameworks, Internet of Things based frameworks… Where to start? How to start? This blog post will take a high level look at 10 of the more popular frameworks in hopes of making your questions clearer than mud. NIST Cybersecurity Framework (CSF): When President Obama calls for ...
Please note that this blog is posted on behalf of the author, Fernando Gonçalves, Head of DevSecOps, Congruity360. EVERYTHING-AS-CODE; AUTOMATE EVERYTHING; TEST EVERYTHING; SECURITY BY DEFAULT; CHANGING MENTALITIES / YOUR C-LEVEL PARTICIPATION. In the last few years, the DevSecOps area has been growing significantly. Its related tools/technologies and the surrounding culture have become more mature and specific than ever. This journey also brought new challenges as well as their corresponding solutions. No environment is equal to another and usually, a one-size-fits-all approach is not always implementable, but we can suggest high-level ...
Please enjoy this blog post authored by Jarad Schraeder, Cybersecurity Manager, Davis Wright Tremaine LLP. Regardless of the size and scope of your environment, vulnerability management is a daunting task. Depending on the maturity of our vulnerability management program, the vulnerability scan results can create a challenge of prioritization, which for some law firms can be hard to tackle based on the resources you have available. There are automated solutions on the market like Insight VM or Vulcan Cyber to address prioritization, but not everyone has the budget or time to deploy a tool like that. Whatever your current vulnerability scanner is, it should ...
Please enjoy this blog post authored by Ken Fishkin, CISSP, CCSP, CIPT, CIPM, CIPP/US, CISM, CEH, and many others. https://www.linkedin.com/in/kfishkin/ Since 1996, I have been pursuing industry certifications. I have always found them to be an essential part of my career growth, because I use them as entry points to learn new skills that seem challenging. While I know that practical experience is much more important than obtaining these certificates, I have found that the process of obtaining certificates first gives me the confidence boost I need to immerse myself in whatever area I am studying. For example, in 2007, I passed the gold standard ...
As many organizations move to MS Teams in a constantly evolving M365 ecosystem, there are many IG concerns that need to be considered. You need to make sure the guardrails are in place before, and after, opening the doors. This entry in our blog series specifically explores MS Teams chat retention and archiving. Some people may think of chat retention and destruction as “Mission: Impossible”. Read on to find out if those people are right or just a bit off base. What is Chat in Microsoft Teams Many of you reading this article already know that Teams supports private chat and channels. In Microsoft Teams, teams are groups of people brought together ...
According to a report released in 2020 by the Ponemon Institute, “the number of insider-caused cybersecurity incidents increased by a whopping 47% since 2018”. Insiders are trusted individuals that work for an entity and as a result are privy to systems and information that is not available to the public. Proprietary information within a company or government agency often has great economic value, and if this key information is altered, destroyed, stolen, or exposed to unauthorized individuals it can be very damaging. Insider threats come in at least two varieties: the negligent insider who ignorantly or negligently places company information at risk due to ...
Please enjoy this blog post authored by Reggie Pool, Senior Director, HBR Consulting LLC. This is the third article in the series on Teams governance, addressing the challenges and benefits of Teams and Document Management Systems (DMS), including managing safeguards, classification, policies governance, and effective change management. Many firms look at Teams as yet another location where content will be stored and information will need to be managed, often viewing it as another area of risk leading to non-compliance with the existing DMS policy. But the impending adoption of Teams doesn’t have to be viewed as a negative. With an effective governance ...
Unstructured data is but one consequence of many firms' relatively late adoption of Information Governance policies and concepts. Many of us struggle to absolve ourselves of the ‘sins of the past’ and establish control of the content of legacy shared network drives or file sharing services that were put in place without policy to govern how and how long data is stored. In this short story series, the authors will examine ideas about how to start to establish structure, gain buy-in, and provide real life examples of what firms have implemented in terms of tools, policies, and processes. Our series starts off with a project the author’s firm aptly named the ...
Please enjoy this co-authored blog post by Leigh Isaacs, CIGO, CIP, Director of Information Governance and Records Management, Proskauer Rose LLP and Andrew Corridore, CIP, Information Governance Compliance Specialist, Proskauer Rose LLP. It’s no secret that the world of information and data management has been evolving at an ever-accelerating pace – companies are realizing that information is an asset that should be managed, secured and leveraged as such. At the same time, client demands and our legal, regulatory and ethical obligations continue to expand and grow in complexity. As greater emphasis is placed on this proper management, the old, traditional ...
Please enjoy this blog post co-authored by David Forrestall, CISSP CISA, Managing Partner, SecurIT360 and David Oxley, CLM, CISM, Director of Information Technology, Messerli & Kramer. Introduction Everyone agrees that cybersecurity is absolutely essential. However, many firms still do not have dedicated security resources. And, if you are a smaller firm, do you really need to do as much as the larger firms? If you look at NIST, ISO 27001, or other frameworks, there is a lot to do, and much of this is still thrown over the wall to IT. Does all of that apply to us and if so, how in the heck can we get it done? Security for the new WFH environment ...