ILTA Voices
Episodes
Monday Mar 11, 2024
#0007: (CCT) Data Debt
Monday Mar 11, 2024
Monday Mar 11, 2024
We all know about technical debt, but data debt is its more nefarious and more challenging sibling. How do you break down the data silos in you firm to create a holistic view of your information? Moderator:@Bill Bice - CEO, nQ Zebraworks Speaker: @Keli Whitnell - Director of Firm Intelligence, Troutman Pepper
Recorded on 3-11-2024.
Thursday Oct 12, 2023
Risks in the Use of ChatGPT
Thursday Oct 12, 2023
Thursday Oct 12, 2023
In this podcast interview, the speaker will highlight in-depth what are the risks in the use of ChatGPT for corporations.
Questions the moderator will ask the speaker:
-We are hearing a lot about Generative AI and AI assistants like ChatGPT. Is this another hype as Blockchain and Metaverse?-If it is something that will stay. What is the probable impact on the legal world?-A lot of people and companies are concerned about data privacy. What is true and what is false in this theme?-How do we use that? I see that some lawyers in the US had issues using that in the wrong way.-How do we get updated about this technology?
Moderator:@Marcelo Cardoso - Legal Ops Supervisor, Mercado Livre
Speaker:@Leonardo Toco - Founder and CEO at GPTLAW - a LegalTech focused on GenAI
Recorded on 10-12-2023
Wednesday Apr 26, 2023
Continuously Monitoring Controls in a Cloud Environment
Wednesday Apr 26, 2023
Wednesday Apr 26, 2023
This session will focus on how companies can continuously monitor and assess their security posture by looking at drift from their control baselines in the cloud. Questions Corey asked the speaker:1) What is continuous monitoring generally and why is it important?
2) What are some of the benefits of implementing continuous monitoring in a cloud environment?
3) What are some of the different cloud security control sources that should be considered when determining what to monitor?
4) At a high level, how do you begin to implement continuous monitoring in one or more of the major cloud providers (i.e. Amazon, Microsoft, Google)?
5) What are some best practices when implementing continuous monitoring in the cloud?Moderator:@Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National LaboratoriesSpeaker:Sarah Luiz - Cyber Security ConsultantRecorded on 04-26-2023
Tuesday Apr 25, 2023
Tuesday Apr 25, 2023
Welcome to ILTA’s Risk Management: Data Analytics & Intelligence series.
Over the course of this program, we will provide access to experts in the legal industry to discuss challenges of adoption and the benefits of using cloud technologies and Data Analytics to enhance processes, leading to efficiency, cost-savings and secured compliance.
We will review the obstacles, challenges and successes of adoption focusing on matter intelligence. How are organizations leveraging data related to client/matter lifecycle to enhance processes, compliance, and security, build relationships (Business Development), and streamline cost saving efforts. Specific topics will include, Artificial Intelligence opportunities, adoption practices, security concerns and compliance.
Questions Elizabeth asked the speakers:
1) What is the biggest challenge your organization faces today as you begin adopting Cloud Technologies and ensuring security compliance across the board?
2) As new Cloud-Based technology is adopted by your organization, describe the security concerns your organization faced, how the organization was able to move forward given the concerns and the impact on people, processes and policy once adopted.
3) What are the specific steps an organization can take to ensure a successful adoption, both from a people and system perspective?
4) Data captured at client/matter inception is used throughout an organization. What were the key factors in joining differing areas | departments (Risk, Business Development, Finance, etc.) to develop a consistent “Master Data” foundation to leverage for reporting and intelligence organization wide? Moderator:@Elizabeth Suehr - Director of Legal Risk Systems and Strategy, Jenner & BlockSpeakers:
@Damien Riehl - VP, Litigation Workflow and Analytics Content, FastCase
@James Hannigan - Director of Legal Project Management, Coblentz Patch Duffy & Bass, LLPRecorded on 04-25-2023
Monday Jan 23, 2023
IG/Data Gov Education
Monday Jan 23, 2023
Monday Jan 23, 2023
What can we do as IG professionals to increase our firms understanding and acceptance of IG core values so that change management is not such a steep hill? In this session, we will explore different options.
Moderator:@Andrew Corridore - Information Governance Compliance Manager, Akin, Gump, Strauss, Hauer & Feld, L.L.P.
Panelists:@Christopher Hockey, IGP - Director of Information Governance and Management, Bond, Schoeneck and King, PLLC@Matthew Estrada - Senior Information Governance Specialist, Kirkland & Ellis
Recorded on 01-23-2023
Wednesday Jan 18, 2023
How to Effectively Balance Insider Risk and Employee Privacy
Wednesday Jan 18, 2023
Wednesday Jan 18, 2023
This podcast interview session addresses how to create an insider threat/insider trust program that mitigates insider risks while respecting employee's privacy rights. Best practices and advice for starting a new insider threat program will be shared.Questions Corey will ask speakers:1) To help those who are just starting to create an insider threat/insider trust program within their company, what are some available resources that you would recommend checking out?2) What are some insider threat/insider trust best practices that you have found to be invaluable when standing up a program?3) How does a company create an insider threat/insider trust program that is effective at mitigating insider risks while simultaneously respecting employee's privacy rights? Can it be done?4) What future changes do you anticipate in the world of insider risk management in relation to tools, regulations, processes, etc. in the next 5 years?5) Should an insider threat/insider trust program be a discreet or very public function? Can you explain why you feel the way that you do?Moderator: @Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National Laboratories Speakers:@Joshua Smith - Senior IT Security Analyst, Ogletree DeakinsMichael Theis - Chief Engineer & Assistant Director for Research, National Insider Threat Center, CERT/SEI, Carnegie Mellon UniversityRecorded on 01-18-2023
Thursday Sep 22, 2022
Information Governance Policies and Practices for Small Firms
Thursday Sep 22, 2022
Thursday Sep 22, 2022
Information Governance is coming to the forefront as privacy become stricter in more and more jurisdictions. Clients are also inquiring about how their records are kept and demanding that firms put protections in place. In this podcast we will review the differences between Records Management and IG. We then delve into IG frameworks and policies and why you would want to establish these, followed by a look at client expectations. We will conclude with an overview of where to start when developing an IG framework and policy and the steps to take to put this in place.
Questions Ann will ask speaker:1. What’s the difference between records management and information governance? 2. What is an IG framework and associated policies and why would you want to establish these? (i.e. risk management, costs, etc.)3. In terms of client expectations, what are clients concerned about and what do they want to see in terms of IG?4. If a firm or corporation wanted to establish an information governance framework and policy, where would they start and what steps would they go through to get this in place?
Moderator:Ann Halkett - Director, SOLVED eDiscovery Services, a division of AHBL MLP
Speaker:Andrew Cogan - IGP, Manager of Practice Services – Records, Allen Matkins
Recorded on 09-22-2022
Friday Sep 09, 2022
Has the Time Come for Passwords to Take a Back Seat to Security
Friday Sep 09, 2022
Friday Sep 09, 2022
The majority of breaches today no longer come through delivered malware as our systems have become very strong with detecting and blocking these resulting in more effort than value for the attacker. Instead, it’s easier, faster and more economical to just try and steal your password, or better yet have you provide it yourself. This podcast takes a look at the security risks that are actually derived from one of our more important security controls… passwords; and look at what we can do to minimize those risks moving forward.
Questions Dave will ask the speakers:
A recent study by Verizon found that more than 80 percent of breaches through hacking involve brute force or the use of lost or stolen credentials. Microsoft estimates that there are 921 password attacks per second. We’ve been educated for years by the security industry and our awareness programs that passwords are the most crucial component to protecting our environments and our information. How is it that this sacred key to our kingdom is actually resulting in opening so many doors for attackers?
NIST has taken steps to try and reduce the bleeding with their new Password guidelines and best practices which encourage passphrases of more characters, less complexity and less changes. Are these steps in the right direction to actually keeping us secure?
Many security tools are now providing artificial intelligence around login requests that look to see if the member is coming from a known device and location prior to providing access. Would implementing these types of risk based controls with MFA and a passphrase by the answer to our problems?
Biometrics for authentication always seemed to be the next logical step for passwords. We have our basic biometrics on devices however, those are all back supported by a password or PIN. Will we ever get to a place where we’re truly only using biometrics for all authentication?
I understand that Apple, Google and Microsoft are working on a solution together that will get rid of passwords. Instead, they will just leverage the biometrics on your phone as your access code to everything. With this in mind do we just need to sit tight and all our troubles will soon be fixed?
Moderator:@David Whale - Director Information Security, Fasken Martineau Dumoulin LLPSpeakers:Sohail Iqbal - CISO, VeracodeEldon Sprickerhoff - Founder and Chief Innovation Officer, eSentirePhillip Solakov - Director, Client Solutions, Optiv, Inc.Recorded on 09-09-2022
Monday Aug 15, 2022
Monday Aug 15, 2022
Lawyers have always been held to a high standard of care to secure information and maintain the confidentiality of client-related information.However, meeting these requirements has become much more complex since shifting to a hybrid working environment.This podcast panel interview addresses the ever-growing client, regulatory and other requirements and how the introduction of new technologies, the ongoing need to balance the transition from paper to electronic and other considerations impact our approach to securing information while balancing the need provide effective client service.
Co-Moderators:@Leigh Isaacs - Director, Information Governance, DLA Piper@Reggie Pool - Senior Director, HBR Consulting LLC
Speakers:@Doug Landin - Chief Information Security Officer, Brownstein Hyatt Farber Schreck@James Merrifield - Director of Information Governance & Business Intake, Robinson & Cole LLP
Recorded on 08-15-2022
Monday Jul 25, 2022
What New Staff Roles Are Necessary for a Growing InfoGov Program?
Monday Jul 25, 2022
Monday Jul 25, 2022
Information Governance’s focus and influence is rapidly developing. Due to this growth, many may be unprepared on how to staff their organization for these evolving roles.You may wonder where to start or evaluate your staffing needs. Join our panel podcast interview, with speakers from law firms, resource providers and application experts who each share a different angle on what are the new hybrid skills that are needed to bridge RM and IT needs. In addition, we will highlight what skills and roles should a growing program hire for.Questions that Chuck will ask speakers:1. What are some trends developing in the workplace regarding traditional records management roles?2. What new roles/positions have you seen emerge with the increase of focus on InfoGov ?3. What are some hybrid skills you’ve seen or needed to bridge the gap between RM/IG/IT?4. What are some recommendations do you have for firms for educating existing staff v. hiring additional headcount?5. What do you look for in new employees? IG experience? Records experience? IT experience? None of the above? How do you determine whether someone will be successful in this field?
Moderator:@Chuck Barth - Director of Information Governance, Sheppard Mullin Richter & Hampton LLP
Speakers:@Steve Huffman - Solutions Director – Information Governance, Williams Lea@Rudy Moliere - Director of Information Governance, Morgan, Lewis & Bockius LLP
Recorded on 07-25-2022
Friday Jun 17, 2022
Mobile Devices: We Use Them All Day Long - When Do We Start Protecting Them?
Friday Jun 17, 2022
Friday Jun 17, 2022
This podcast interview session will take a look into our mobile devices (super computers in our pocket) and the built in (or lack there of) security around them.Can we rely on our devices out of box as long as they’re managed or has the time come where we need to take mobile security to the next level?Questions that David will ask speaker:1. Mobile devices are essentially a smaller version of a computer that can fit in your pocket. They’re on us and in use almost all the time. Confidential information flows to, from and through them, yet we don’t seem to secure them to the same level as a computer. Is that because they’re just secure out of the box? Or are we missing something?2. What types of threats and attacks should we be concerned about with our mobile devices?3. A lot of organizations may say we use MDM (mobile device management) to secure our mobile fleet of devices. Is an MDM sufficient?4. If out of the box security and usage of an MDM is not quite enough, what addition protections should we be looking at?5. How should different usage patterns and user interfaces of mobile devices factor into an organization's model of the mobile security threat and mobile security solutions?6.Obviously budgets and staff have an influence on just how much security you can deploy and manage. What would be the top 3 items that all businesses and mobile users should put into place to help protect their mobile devices?
Moderator: @David Whale - Director Information Security, Fasken Martineau Dumoulin LLP
Speaker:@Seth Hallem - CEO & Chief Architect, Mobile Helix
Recorded on 06-17-2022