ISO 27001 Awareness & Advancement
A goal of LegalSEC is to provide the legal community with guidelines for risk-based information security programs that are achievable, measurable and mature. ISO 27001 has been a valuable foundation of LegalSEC programming, providing a risk-based, mature approach to security. ISO is a key consideration for many organizations looking to align their security programs to an internationally recognized standard, or to components of it as appropriate. A 2015 Q4 survey of the Global 100 firms indicates the following status for ISO certification:
o 30 firms reported ISO certification
o 17 are actively pursuing certification during 2016
o 39 are investigating the process
The ISO/IEC 27000 series of standards provides guidance on information security controls, discipline, and maturity. These standards have been adopted broadly across industries and can be applied regardless of organizational size or geographic footprint.
Threat Intelligence Sharing - Information Sharing and Analysis Organization
One of LegalSEC's primary goals is to foster improved communications around information security, which includes supporting external initiatives led by our members. In 2015, several ILTA/LegalSEC-member law firms collaborated on a milestone effort resulting in the formation of the LS-ISAO (Legal Services Information Sharing and Analysis Organization). This is a forum for sharing information regarding security threats facing law firms and is supported by services provided by the Financial Services Information Sharing and Analysis Center (FS-ISAC), the gold-standard organization for information sharing. A focus on early warning and expert advice has resulted in valuable threat intelligence sharing among 70+ member firms who have joined as of February 2016.
GC/IT Security Collaboration
A working group of large-firm General Counsels and IT Security Leadership has been established to foster critical communication between these two teams. With the industry's increasing focus on security and risk management, the legal and technical components continue to blend, creating an even greater need for lawyers and technologists to collaborate to deliver the most effective and secure client service. This group is tackling key topics such as how to deal most effectively with client audits, assessments and questionnaires, as well as third-party vendor assessments. Additionally, this is a great source for recruiting law firm GC speakers for our educational sessions. We recruited several great GC speakers for our 2015 events and look forward to many more opportunities in 2016!