The quarterly publication of the International Legal Technology Association
Issue link: http://read.uberflip.com/i/411912
WWW.ILTANET.ORG 73 • Containment, Eradication and Recovery: Once you have determined there is an incident, you need to characterize the incident type and assess its severity and sensitivity. You will need to inform management, practice leaders and possibly law enforcement. Employ forensic best practices for gathering evidence, and capture information from RAM, hard disks and monitoring systems. You may have to isolate the system from the network or even power the system down to prevent further compromise. Also, consider applying patches, changing passwords and modifying firewall rules. Once you have the situation controlled, you can move into deeper analysis of the data while you remove an attacker's artifacts or even wipe and reload the systems. Work with the business owners to ensure that the previously compromised systems are performing as expected once they are back online. The systems should then be monitored to watch for attackers trying to compromise them again. • Post Incident: After the incident has been adequately dealt with, it is time to review what happened and make necessary changes to your environment. A report of the incident should communicate the nature of the event and what actions were taken to respond to it. The report should have an executive summary with supporting appendices so it is easy to digest, and it should be presented soon after the remediation of the incident. If the report identifies organizational vulnerabilities where risks can be proactively mitigated, this may be an appropriate time to ask for additional security program funding. Any weaknesses in your incident response program that the report identifies should be used to improve the process. Information and knowledge are the lifeblood of law firms. Firms continue to gather client data and rely on technology to respond to client demands in an always- on, always-connected world. An attendant risk of data breaches occurs because firms have more information in more places with more inbound and outbound traffic on their networks. Taking proactive defensive measures to structure your environment to prevent attacks and monitor vulnerabilities is critical for reducing the risk attackers pose. Just as important is knowing how to detect and respond to attacks when they occur. Remember it's not a matter of if; it's a matter of when you will be breached. SQL CoreRelate Framework. demonstration. Client/Matter Document Assembly from Word — is it really that easy? BEC Assemble-It accesses standard content and firm-wide case data from the task pane in Word. Attorneys and staff can draft and update standardized documents while maintaining complete creative control.