About the Editors/Authors | p. xiii |
Introduction | p. 1 |
Information Security Guidelines for Lawyers and Law Firms | p. 5 |
Terms and Definitions | p. 9 |
Information Security | p. 9 |
Confidentiality | p. 10 |
Authentication and Authorization | p. 11 |
Integrity | p. 11 |
Availability | p. 12 |
Information Security: The Basics | p. 13 |
Change the @#$%#* "Defaults"! | p. 15 |
Update Your Software | p. 16 |
Install and Use Reputable Antivirus Software | p. 16 |
Create, Audit, and Enforce Compliance with Security Policies | p. 17 |
Don't Save Passwords Locally | p. 17 |
Use the Full Security Capabilities of Your Software | p. 18 |
Let No One Else Use Your Computer | p. 19 |
Select Strong Passwords | p. 20 |
Know Where Your Data Is | p. 22 |
Information Security Legal Principles: The Basics | p. 25 |
Confidentiality of Client Information Sent by Internet E-mail | p. 25 |
The Duty of Confidentiality | p. 25 |
The Various Consequences of a Breach | p. 27 |
Encryption Technology in Historical Perspective | p. 31 |
Security Hawks and Doves | p. 32 |
ABA Formal Opinion No. 99-413 | p. 33 |
Where We Go from Here | p. 34 |
Information Security and Legal Practice: Risk Assessment | p. 35 |
The Nature of Risk | p. 35 |
Risk Assessment | p. 36 |
Suggested Best Practices for the Process of Law Firm InfoSec Risk Assessment | p. 36 |
Outputs of the Risk Assessment Process | p. 43 |
Joint Risk Assessment and Risk Response | p. 44 |
Quantitative and Qualitative Risk Assessment | p. 45 |
The Nature of the Law Practice: Its Effect on Risk Assessment and Risk Response | p. 48 |
Physical Security | p. 51 |
What Is Physical Security? | p. 52 |
Why Is the Physical Security of Your System Important? | p. 53 |
Perimeter Security Considerations | p. 55 |
Access Control | p. 69 |
History of Access Control | p. 70 |
The Taxonomy of Access Control | p. 73 |
Choices in Identification | p. 75 |
Choices in Authentication | p. 84 |
Choices in Authorization | p. 89 |
Recommendations | p. 90 |
Conclusion | p. 94 |
Routers and Firewalls: Keeping the Bad Stuff Out and the Good Stuff In | p. 95 |
Back to School | p. 95 |
Router Equipment | p. 96 |
Nah, Nah, Nah,...NAT | p. 97 |
Any Port in the Storm | p. 98 |
Tiny, Small, Medium, Large, BFR | p. 99 |
Firewalls | p. 100 |
Resources | p. 103 |
Security When You Travel and Remote Access to Data | p. 105 |
Remote Access | p. 109 |
Securing Wireless Networks the Easy Way | p. 113 |
Plan the LAN | p. 116 |
Go the Distance | p. 119 |
Plug and Play | p. 120 |
Beam Me Up, Scottie | p. 120 |
Tighten the Security | p. 121 |
To Route or Not to Route, That Is the Question | p. 123 |
White Hat Hacking (Done by the Good Guys!) | p. 123 |
E-mail and Internet Usage Policies | p. 127 |
The Challenges | p. 128 |
Drafting Policies | p. 133 |
Implementation | p. 136 |
Monitoring and Policy Enforcement Tools | p. 136 |
Conclusion | p. 140 |
E-mail Management | p. 143 |
Protecting Your Inbox | p. 144 |
Choosing the Right E-mail Client | p. 145 |
E-mail Addresses: Three's the Charm | p. 147 |
Avoiding Spam | p. 149 |
Viruses, Worms, Trojans, and Other Malware | p. 162 |
Other E-mail Management Considerations | p. 163 |
Securing Your Documents: Encryption, Digital Signatures, and PDF | p. 171 |
Electronic Document Security Basics | p. 172 |
Implementing Electronic Document Security Using Adobe PDF Files | p. 175 |
Document Security in the Legal Setting | p. 176 |
Adobe Acrobat PDF Security (How To) | p. 182 |
PDF Security Resources | p. 189 |
Voice Communications | p. 191 |
When Is a Phone Just a Phone? | p. 191 |
So What Does All This Have to Do with "Information Security"? | p. 192 |
Of Course, If It Isn't the Technology, Then It Might Just Be the Callers | p. 195 |
Viruses, Worms, Trojans | p. 197 |
What They Are | p. 198 |
How They Are Created | p. 199 |
How They Spread | p. 201 |
What They Do | p. 204 |
Some Examples | p. 205 |
Defenses | p. 207 |
Recovery | p. 210 |
Information Sources | p. 212 |
Spyware | p. 215 |
Spyware | p. 216 |
Cookies | p. 224 |
Metadata | p. 231 |
The Threat | p. 233 |
Options for Protection | p. 234 |
Incident Response Plans | p. 239 |
Phases of an IRP | p. 240 |
Preparation | p. 241 |
Detection | p. 249 |
Containment | p. 252 |
Eradication | p. 254 |
Recovery and Closure | p. 260 |
Follow-up | p. 261 |
Avoiding Disaster in Your Disaster Recovery Planning and Procedures | p. 263 |
Nothing Succeeds Like Preparation | p. 264 |
Considering Scenarios: The "Mathematics" of Disaster Recovery Planning | p. 265 |
Putting Together the Plan Document | p. 268 |
Technology Options for Disaster Recovery | p. 269 |
The Expanding Notion of "System" | p. 273 |
External Technology Options | p. 273 |
Redundancy and Developing a Portfolio of Options | p. 274 |
People + Practice = Greater Likelihood of Success | p. 277 |
Putting Together Your Team | p. 279 |
Practice Makes Things Better | p. 280 |
Conclusion | p. 282 |
Disaster Recovery and Business Continuity Planning | p. 283 |
Top Legal Concerns in Disaster Recovery Contracts | p. 284 |
Cyberinsurance: Singing in the Rain | p. 287 |
Employee Issues: Training, Termination, Social Engineering, Safe Computing, and Disgruntled Employees | p. 293 |
Social Engineering | p. 293 |
Safe Computing: Train, Train, Train | p. 297 |
The Disgruntled Employee | p. 300 |
Real-Life Nightmares | p. 302 |
Statistics | p. 303 |
The Dark Side of Security | p. 304 |
How to Achieve Security and Sleep at Night | p. 305 |
Third-Party Service Providers | p. 309 |
What Is an IT Service Provider? | p. 310 |
Can You Use a Third-Party Service Provider? | p. 311 |
Insist on a Contract-A Real Contract | p. 314 |
Confidentiality, Not a Contract, Is Required | p. 315 |
When It Comes to Lawyers' Use of IT, Don't Allow Free Agents | p. 318 |
When to Notify the Client | p. 318 |
Don't Forget Your Obligations to Your Employees | p. 319 |
Law Firm Document Retention Policies | p. 321 |
The False Parable of Arthur Andersen | p. 321 |
Document Retention Policies: Background and Statistics | p. 322 |
Sarbanes-Oxley Act of 2002 | p. 325 |
Who Else Do You Have to Worry About? | p. 326 |
What Are Businesses Doing Wrong? | p. 327 |
Crafting a Document Retention Policy | p. 327 |
Spoliation | p. 330 |
Computer Forensics: Data May Not Go Away | p. 333 |
The Benefits of DRPs | p. 333 |
What Happens to Your DRP in the Event of Litigation, Actual or Probable? | p. 334 |
Yogi Berra Has the Final Word on DRPs | p. 336 |
Sample Document Retention Policy | p. 337 |
Computer Forensics | p. 341 |
In the Beginning... | p. 341 |
Why Should You Care? | p. 342 |
Are Your Computers "in Play"? | p. 343 |
The Preservation Process | p. 344 |
It's Over There | p. 346 |
I Want It All! | p. 347 |
It Costs Too Much! | p. 348 |
How Do They Do That? | p. 349 |
Are We There Yet? | p. 352 |
File Artifacts | p. 352 |
What Can You Get for Me? | p. 354 |
What Can't You Get for Me? | p. 358 |
Will It Ever End? | p. 360 |
A Legal Lifeline: Protecting Your Data in Electronic Discovery | p. 361 |
The Problem | p. 362 |
Take a Proactive Stance: The Electronic Evidence Protocol | p. 362 |
Designation of Forensic Expert for Acquisition | p. 363 |
Confidentiality Agreement | p. 363 |
Acquisition Schedule | p. 364 |
Scope of Acquisition | p. 365 |
Previews of the Evidence | p. 366 |
Forensic Acquisition | p. 367 |
Scope of Analysis | p. 368 |
Screening for Privilege | p. 370 |
The Special Problems of Law Firms | p. 370 |
Costs | p. 371 |
Final Thoughts | p. 372 |
Equipment and Information Disposal | p. 373 |
The Problem | p. 374 |
Solutions | p. 376 |
Conclusion | p. 381 |
Additional Information Security Resources: Where to Go Online for More Information | p. 383 |
DNS Stuff | p. 384 |
SC Magazine | p. 386 |
Network Computing | p. 387 |
BugTraq | p. 388 |
Secunia | p. 389 |
Symantec | p. 389 |
McAfee | p. 391 |
Kaspersky | p. 391 |
The Security Portal for Information System Security Professionals (Infosyssec) | p. 392 |
Sophos | p. 393 |
Castlecops | p. 394 |
Conclusion | p. 394 |
The Future of Information Security | p. 397 |
Outsourced Security Management | p. 399 |
Identity Management | p. 400 |
Regulatory Efforts | p. 400 |
Changing Nature of the Threats | p. 401 |
Private Internet versus Public Internet | p. 402 |
Adjusting Efforts to Human Behaviors | p. 402 |
Smart Documents and Just Enough Rights | p. 402 |
Disaster Recovery | p. 403 |
Security Audits | p. 403 |
Security and Core Business | p. 403 |
Conclusion | p. 404 |
Index | p. 405 |
Table of Contents provided by Ingram. All Rights Reserved. |