Information Governance

This podcast interview session addresses how to create an insider threat/insider trust program that mitigates insider risks while respecting employee's privacy rights. Best practices and advice for starting a new insider threat program will be shared.Questions Corey will ask speakers:1) To help those who are just starting to create an insider threat/insider trust program within their company, what are some available resources that you would recommend checking out?2) What are some insider threat/insider trust best practices that you have found to be invaluable when standing up a program?3) How does a company create an insider threat/insider trust program that is effective at mitigating insider risks while simultaneously respecting employee's privacy rights? Can it be done?4) What future changes do you anticipate in the world of insider risk management in relation to tools, regulations, processes, etc. in the next 5 years?5) Should an insider threat/insider trust program be a discreet or very public function? Can you explain why you feel the way that you do?Moderator: @Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National Laboratories Speakers:@Joshua Smith - Senior IT Security Analyst, Ogletree DeakinsMichael Theis - Chief Engineer & Assistant Director for Research, National Insider Threat Center, CERT/SEI, Carnegie Mellon University​Recorded on 01-18-2023​

Information Governance is coming to the forefront as privacy become stricter in more and more jurisdictions. Clients are also inquiring about how their records are kept and demanding that firms put protections in place. In this podcast we will review the differences between Records Management and IG. We then delve into IG frameworks and policies and why you would want to establish these, followed by a look at client expectations. We will conclude with an overview of where to start when developing an IG framework and policy and the steps to take to put this in place.
Questions Ann will ask speaker:1. What’s the difference between records management and information governance? 2. What is an IG framework and associated policies and why would you want to establish these? (i.e. risk management, costs, etc.)3. In terms of client expectations, what are clients concerned about and what do they want to see in terms of IG?4. If a firm or corporation wanted to establish an information governance framework and policy, where would they start and what steps would they go through to get this in place?
Moderator:Ann Halkett - Director, SOLVED eDiscovery Services, a division of AHBL MLP
Speaker:Andrew Cogan - IGP, Manager of Practice Services – Records, Allen Matkins 
Recorded on 09-22-2022

The majority of breaches today no longer come through delivered malware as our systems have become very strong with detecting and blocking these resulting in more effort than value for the attacker. Instead, it’s easier, faster and more economical to just try and steal your password, or better yet have you provide it yourself. This podcast takes a look at the security risks that are actually derived from one of our more important security controls… passwords; and look at what we can do to minimize those risks moving forward.
Questions Dave will ask the speakers:
A recent study by Verizon found that more than 80 percent of breaches through hacking involve brute force or the use of lost or stolen credentials. Microsoft estimates that there are 921 password attacks per second. We’ve been educated for years by the security industry and our awareness programs that passwords are the most crucial component to protecting our environments and our information. How is it that this sacred key to our kingdom is actually resulting in opening so many doors for attackers?
NIST has taken steps to try and reduce the bleeding with their new Password guidelines and best practices which encourage passphrases of more characters, less complexity and less changes. Are these steps in the right direction to actually keeping us secure?
Many security tools are now providing artificial intelligence around login requests that look to see if the member is coming from a known device and location prior to providing access. Would implementing these types of risk based controls with MFA and a passphrase by the answer to our problems?
Biometrics for authentication always seemed to be the next logical step for passwords. We have our basic biometrics on devices however, those are all back supported by a password or PIN. Will we ever get to a place where we’re truly only using biometrics for all authentication?
I understand that Apple, Google and Microsoft are working on a solution together that will get rid of passwords. Instead, they will just leverage the biometrics on your phone as your access code to everything. With this in mind do we just need to sit tight and all our troubles will soon be fixed?
Moderator:@David Whale - Director Information Security, Fasken Martineau Dumoulin LLPSpeakers:Sohail Iqbal - CISO, VeracodeEldon Sprickerhoff - Founder and Chief Innovation Officer, eSentirePhillip Solakov - Director, Client Solutions, Optiv, Inc.Recorded on 09-09-2022​

Lawyers have always been held to a high standard of care to secure information and maintain the confidentiality of client-related information.However, meeting these requirements has become much more complex since shifting to a hybrid working environment.This podcast panel interview addresses the ever-growing client, regulatory and other requirements and how the introduction of new technologies, the ongoing need to balance the transition from paper to electronic and other considerations impact our approach to securing information while balancing the need provide effective client service.
Co-Moderators:@Leigh Isaacs - Director, Information Governance, DLA Piper@Reggie Pool - Senior Director, HBR Consulting LLC
Speakers:@Doug Landin - Chief Information Security Officer, Brownstein Hyatt Farber Schreck@James Merrifield - Director of Information Governance & Business Intake, Robinson & Cole LLP
Recorded on 08-15-2022​

Information Governance’s focus and influence is rapidly developing. Due to this growth, many may be unprepared on how to staff their organization for these evolving roles.You may wonder where to start or evaluate your staffing needs. Join our panel podcast interview, with speakers from law firms, resource providers and application experts who each share a different angle on what are the new hybrid skills that are needed to bridge RM and IT needs. In addition, we will highlight what skills and roles should a growing program hire for.Questions that Chuck will ask speakers:1. What are some trends developing in the workplace regarding traditional records management roles?2. What new roles/positions have you seen emerge with the increase of focus on InfoGov ?3. What are some hybrid skills you’ve seen or needed to bridge the gap between RM/IG/IT?4. What are some recommendations do you have for firms for educating existing staff v. hiring additional headcount?5. What do you look for in new employees? IG experience? Records experience? IT experience? None of the above? How do you determine whether someone will be successful in this field?
Moderator:@Chuck Barth - Director of Information Governance, Sheppard Mullin Richter & Hampton LLP
Speakers:@Steve Huffman - Solutions Director – Information Governance, Williams Lea@Rudy Moliere - Director of Information Governance, Morgan, Lewis & Bockius LLP
​Recorded on 07-25-2022

This podcast interview session will take a look into our mobile devices (super computers in our pocket) and the built in (or lack there of) security around them.Can we rely on our devices out of box as long as they’re managed or has the time come where we need to take mobile security to the next level?Questions that David will ask speaker:1. Mobile devices are essentially a smaller version of a computer that can fit in your pocket. They’re on us and in use almost all the time. Confidential information flows to, from and through them, yet we don’t seem to secure them to the same level as a computer. Is that because they’re just secure out of the box? Or are we missing something?2. What types of threats and attacks should we be concerned about with our mobile devices?3. A lot of organizations may say we use MDM (mobile device management) to secure our mobile fleet of devices. Is an MDM sufficient?4. If out of the box security and usage of an MDM is not quite enough, what addition protections should we be looking at?5. How should different usage patterns and user interfaces of mobile devices factor into an organization's model of the mobile security threat and mobile security solutions?6.Obviously budgets and staff have an influence on just how much security you can deploy and manage. What would be the top 3 items that all businesses and mobile users should put into place to help protect their mobile devices?
Moderator: @David Whale - Director Information Security, Fasken Martineau Dumoulin LLP
Speaker:@Seth Hallem - CEO & Chief Architect, Mobile Helix 
 
Recorded on 06-17-2022
​​

Information Governance…we hear this term all the time in legal, but what does it really mean? Is it referring to controlling the stream of information inside a law firm or law department, or outside one? And what methods are being utilized in today’s law firms and law departments to govern this often critical information?In this interview session, we will discuss what the term actually means and what effects it can have on firm attorneys and staff. Finally, we’ll learn why having an IG policy is so vital to clients and firms alike.
 
Moderator:@John Graves - Training Support Specialist, Winstead PC
Speaker:@Jeffrey Sharer - President and CEO, LexShift Recorded on 04-01-2022

This podcast session will delve into the very real problem of trying to explain data governance to end users and the C-suite. Our experts will tackle the difference between data governance and information governance, the importance of a good data governance program, how to best distribute the responsibility of data governance, and how to keep data fresh, clean, and reliable as we continue to take in more and more.Questions Chris will ask speaker(s):1. Information Governance and Data Governance may often be used interchangeably, help our listeners understand what the key differences are and why it is important to differentiate them.2. What should the objective of a data governance program be?3. Data governance seems very intimidating if you look at it as one persons job. How can information governance and data governance professionals go about engaging the enterprise in good data governance practices?4. How can IG professionals best make a business case for a data governance program in order to secure resources?5. What are some real practical strategies for ensuring the cleanliness and reliability of data in an organization?
Moderator:@Christopher Hockey, IGP - Director of Information Governance and Management,Bond, Schoeneck and King, PLLC
Speakers:​Neil Burge - Founder, CEO of Cognopia Pte Ltd.Steve Bradley - Director, HBR Consulting
 
Recorded on 01-27-2022

During this podcast, a cyber security professional will discuss ways that you can ensure that you have adequate visibility to protect against unauthorized access into our data as you move additional pieces of your architecture into the cloud. The conversation will highlight cloud access security brokers, security incident and event management, and data loss prevention tools and strategies.Moderator:@Corey Reitz - E-Discovery Project Lead, Sandia National LaboratoriesSpeaker:Kevin Magee - Chief Security Officer, Microsoft Canada
​Recorded on 08-06-2021​

There is no doubt that business decisions based on proven data have the best chance of being the most successful in any campaign, strategy or operation. Gathering the  required data from the proper systems and then massaging it into the best format for consumption will power the most successful data driven decisions.  In this podcast, we will delve into the deepest reaches of datamining to strike the most valuable information and then refine and process it into consumable reports and end products to ensure success.Co-Moderators:@Jack Recinto, Senior Applications Director, Vedder Price P.C@Alisher Yuldashev, Business Technology Advisory Manager, Borden Ladner Gervais
Speaker:Paul Wilner, Data and Analytical Consultant and Statistical Analysis Instructor
​​Recorded on 06-04-2021

Join us in learning the perspectives of three eDiscovery practitioners on two common scenarios that lawyers may encounter. In this podcast, we will address archiving and destruction, returning of evidence.All opinions or personal views expressed are their own and not those of their organizations. As the title mentions, this will be a series of podcasts highlighting practical considerations when talking to your lawyers about data. We encourage you to follow the series and provide feedback in the evaluation link below!Moderator: @Charles Neal - Litigation Support/eDiscovery Manager, Keating Muething & Klekamp PLLPodcast Speakers:@Jennifer Bernstein - Vice President, Assistant General Counsel, ‎JPMorgan Chase & Co.@Kate Collum- VP - US Operations Manager, JPMorgan Chase & Co.@Cameron Herzog - Director of IT, Brownstein Rask LLP 
Recorded on 05-28-2021