Information Security for Lawyers and Law Firms

by Sharon D. Nelson, David K. Isom, John W. Simek

ISBN-10: 1590316630

ISBN-13: 9781590316634

Pub. Date: 09/28/2006

Publisher: American Bar Association

The book provides sound advice and offers valuable guidelines and assistance to bridge the worlds of law and technology on important information security issues that face the legal professional every day. This essential guide discusses the ethical duties of lawyers relating to securing their electronic information. If you are a small firm, it will advise you on how you can have reliable security. If you are a large firm, it will help you to decide what information security duties can be delegated. Other topics include worms, Trojans, spyware, malware, spiders, key loggers and their implications, and whether or not it is safe to use wireless technology for the delivery of legal services.

Product Details

Publisher: American Bar Association
Publication date: 09/28/2006
Edition description: New Edition
Product dimensions: 6.14(w) x 9.15(h) x 0.91(d)

Table of Contents

About the Editors/Authors     xiii
Introduction   David K. Isom     1
Information Security Guidelines for Lawyers and Law Firms   Sharon D. Nelson   John W. Simek     5
Terms and Definitions   Charles R. Merrill     9
Information Security     9
Confidentiality     10
Authentication and Authorization     11
Integrity     11
Availability     12
Information Security: The Basics   Anne M. Rogers   David K. Isom     13
Change the @#$%#* "Defaults"!     15
Update Your Software     16
Install and Use Reputable Antivirus Software     16
Create, Audit, and Enforce Compliance with Security Policies     17
Don't Save Passwords Locally     17
Use the Full Security Capabilities of Your Software     18
Let No One Else Use Your Computer     19
Select Strong Passwords     20
Know Where Your Data Is     22
Information Security Legal Principles: The Basics   Charles R. Merrill     25
Confidentiality of Client Information Sent by Internet E-mail     25
The Duty of Confidentiality     25
The Various Consequences of a Breach     27
Encryption Technology in Historical Perspective     31
Security Hawks and Doves     32
ABA Formal Opinion No. 99-413     33
Where We Go from Here     34
Information Security and Legal Practice: Risk Assessment   Patrick Cain   Denley Chew   Charles R. Merrill     35
The Nature of Risk     35
Risk Assessment     36
Suggested Best Practices for the Process of Law Firm InfoSec Risk Assessment     36
Outputs of the Risk Assessment Process     43
Joint Risk Assessment and Risk Response     44
Quantitative and Qualitative Risk Assessment     45
The Nature of the Law Practice: Its Effect on Risk Assessment and Risk Response     48
Physical Security   Michael C. Maschke     51
What Is Physical Security?     52
Why Is the Physical Security of Your System Important?     53
Perimeter Security Considerations     55
Access Control   Arshad Noor   Ariel Peled     69
History of Access Control     70
The Taxonomy of Access Control     73
Choices in Identification     75
Choices in Authentication     84
Choices in Authorization     89
Recommendations     90
Conclusion     94
Routers and Firewalls: Keeping the Bad Stuff Out and the Good Stuff In   Sharon D. Nelson   John W. Simek     95
Back to School     95
Router Equipment     96
Nah, Nah, Nah,...NAT     97
Any Port in the Storm     98
Tiny, Small, Medium, Large, BFR     99
Firewalls     100
Resources     103
Security When You Travel and Remote Access to Data   Anne M. Rogers     105
Remote Access     109
Securing Wireless Networks the Easy Way   Sharon D. Nelson   John W. Simek     113
Plan the LAN     116
Go the Distance     119
Plug and Play     120
Beam Me Up, Scottie     120
Tighten the Security     121
To Route or Not to Route, That Is the Question     123
White Hat Hacking (Done by the Good Guys!)     123
E-mail and Internet Usage Policies   David G. Ries     127
The Challenges     128
Drafting Policies     133
Implementation     136
Monitoring and Policy Enforcement Tools     136
Conclusion     140
E-mail Management   Thomas L. Mighell     143
Protecting Your Inbox     144
Choosing the Right E-mail Client     145
E-mail Addresses: Three's the Charm     147
Avoiding Spam     149
Viruses, Worms, Trojans, and Other Malware     162
Other E-mail Management Considerations     163
Securing Your Documents: Encryption, Digital Signatures, and PDF   David L. Masters     171
Electronic Document Security Basics     172
Implementing Electronic Document Security Using Adobe PDF Files     175
Document Security in the Legal Setting     176
Adobe Acrobat PDF Security (How To)     182
PDF Security Resources     189
Voice Communications   Anne M. Rogers     191
When Is a Phone Just a Phone?     191
So What Does All This Have to Do with "Information Security"?     192
Of Course, If It Isn't the Technology, Then It Might Just Be the Callers     195
Viruses, Worms, Trojans   David G. Ries   Christopher Ries     197
What They Are     198
How They Are Created     199
How They Spread     201
What They Do     204
Some Examples     205
Defenses     207
Recovery     210
Information Sources     212
Spyware   Timothy M. Opsitnick     215
Spyware     216
Cookies     224
Metadata   Timothy M. Opsitnick     231
The Threat     233
Options for Protection     234
Incident Response Plans   Dan Pinnington     239
Phases of an IRP     240
Preparation     241
Detection     249
Containment     252
Eradication     254
Recovery and Closure     260
Follow-up     261
Avoiding Disaster in Your Disaster Recovery Planning and Procedures   Dennis Kennedy     263
Nothing Succeeds Like Preparation     264
Considering Scenarios: The "Mathematics" of Disaster Recovery Planning     265
Putting Together the Plan Document     268
Technology Options for Disaster Recovery     269
The Expanding Notion of "System"     273
External Technology Options     273
Redundancy and Developing a Portfolio of Options     274
People + Practice = Greater Likelihood of Success     277
Putting Together Your Team     279
Practice Makes Things Better     280
Conclusion     282
Disaster Recovery and Business Continuity Planning     283
Top Legal Concerns in Disaster Recovery Contracts     284
Cyberinsurance: Singing in the Rain   Sharon D. Nelson   John W. Simek     287
Employee Issues: Training, Termination, Social Engineering, Safe Computing, and Disgruntled Employees   Sharon D. Nelson   John W. Simek     293
Social Engineering     293
Safe Computing: Train, Train, Train     297
The Disgruntled Employee     300
Real-Life Nightmares     302
Statistics     303
The Dark Side of Security     304
How to Achieve Security and Sleep at Night     305
Third-Party Service Providers   Behnam Dayanim     309
What Is an IT Service Provider?     310
Can You Use a Third-Party Service Provider?     311
Insist on a Contract - A Real Contract     314
Confidentiality, Not a Contract, Is Required     315
When It Comes to Lawyers' Use of IT, Don't Allow Free Agents     318
When to Notify the Client     318
Don't Forget Your Obligations to Your Employees     319
Law Firm Document Retention Policies   Sharon D. Nelson   John W. Simek     321
The False Parable of Arthur Andersen     321
Document Retention Policies: Background and Statistics     322
Sarbanes-Oxley Act of 2002     325
Who Else Do You Have to Worry About?     326
What Are Businesses Doing Wrong?     327
Crafting a Document Retention Policy     327
Spoliation     330
Computer Forensics: Data May Not Go Away     333
The Benefits of DRPs     333
What Happens to Your DRP in the Event of Litigation, Actual or Probable?     334
Yogi Berra Has the Final Word on DRPs     336
Sample Document Retention Policy     337
Computer Forensics   Sharon D. Nelson   John Simek     341
In the Beginning...     341
Why Should You Care?     342
Are Your Computers "in Play"?     343
The Preservation Process     344
It's Over There     346
I Want It All!     347
It Costs Too Much!     348
How Do They Do That?     349
Are We There Yet?     352
File Artifacts     352
What Can You Get for Me?     354
What Can't You Get for Me?     358
Will It Ever End?     360
A Legal Lifeline: Protecting Your Data in Electronic Discovery   Sharon D. Nelson   John W. Simek     361
The Problem     362
Take a Proactive Stance: The Electronic Evidence Protocol     362
Designation of Forensic Expert for Acquisition     363
Confidentiality Agreement     363
Acquisition Schedule     364
Scope of Acquisition     365
Previews of the Evidence     366
Forensic Acquisition     367
Scope of Analysis     368
Screening for Privilege     370
The Special Problems of Law Firms     370
Costs     371
Final Thoughts     372
Equipment and Information Disposal   David G. Ries   Christopher Ries     373
The Problem     374
Solutions     376
Conclusion     381
Additional Information Security Resources: Where to Go Online for More Information   Michael C. Maschke     383
DNS Stuff     384
SC Magazine     386
Network Computing     387
BugTraq     388
Secunia     389
Symantec     389
McAfee     391
Kaspersky     391
The Security Portal for Information System Security Professionals (Infosyssec)     392
Sophos     393
Castlecops     394
Conclusion     394
The Future of Information Security   Dennis Kennedy     397
Outsourced Security Management     399
Identity Management     400
Regulatory Efforts     400
Changing Nature of the Threats     401
Private Internet versus Public Internet     402
Adjusting Efforts to Human Behaviors     402
Smart Documents and Just Enough Rights     402
Disaster Recovery     403
Security Audits     403
Security and Core Business     403
Conclusion     404
Index     405
