ILTA Voices
Episodes
Tuesday Oct 04, 2022
InfoSec Risk Reduction 101 for Remote & Hybrid Document Review Operations
In this podcast interview session, the speakers discussed some challenges and solutions when implementing security in a hybrid/remote environment. In addition, they spoke about cybersecurity, regulatory issues, and ethical considerations when client data in discovery and internal investigations is accessed by temporary contract attorneys working from home.
Questions Jordan asked the speakers:
First, describe your roles at your respective organizations and specifically how you are involved in doc review projects.
How have the information security elements of these projects, or your infosec concerns, changed over the last couple years?
What are the important items to consider when planning for a remote document review project?
Differences between “secure VPN”, SessionGuardian, other options? What are different infosec and DLP approaches and technologies you see in the market?
What are some practical, tactical, day-to-day challenges found managing WFH doc review teams … and how does enhanced attention to infosec and careful application of good tools and protocols help?
Describe the roles, goals, and challenges of the law firm, the client, the hosting provider and the doc review staffing provider in today's remote doc review project.
Moderator: @Jordan Ellington - Founder and CEO, SessionGuardian
Speakers:
@Scott Bilbrey - CEO, Vigilant
@Todd Mattson - Chief Practice Systems & Services, Covington & Burling LLP
Recorded on 10-04-2022
Friday Sep 23, 2022
Protecting Your Custom Software-Security Scanning and Runtime
This podcast reviews the various categories of vulnerability tools that should be used against custom software web applications and describes a couple of the vendors in each space. The types of scanners that will be covered include Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Interactive Application Security Testing (IAST), as well as hiring a company to perform penetration tests.
Questions that Corey will ask the speaker:
• What is the state of web application vulnerability testing tools today?
• If you are on a tight budget, where would you consider using open source solutions over vendor offerings?
• Is there a scanning category where you would not compromise, and absolutely would use a vendor solution? If so, why?
• What are some of the limitations that people should be aware of when using various vendor scanning tools?
• How has deploying web applications in a cloud infrastructure changed web application scanning?
Moderator: @Corey Reitz - Distinguished Cyber Assurance Architect, Sandia National Laboratories
Speaker: Atahan Bozdag - Director of Information Security, MedeAnalytics
Recorded on 09-23-2022
Friday Sep 09, 2022
Has the Time Come for Passwords to Take a Back Seat to Security
The majority of breaches today no longer come through delivered malware: our systems have become very strong at detecting and blocking it, resulting in more effort than value for the attacker. Instead, it’s easier, faster and more economical to just try and steal your password, or better yet have you provide it yourself. This podcast takes a look at the security risks that are actually derived from one of our more important security controls, passwords, and looks at what we can do to minimize those risks moving forward.
Questions Dave will ask the speakers:
A recent study by Verizon found that more than 80 percent of breaches through hacking involve brute force or the use of lost or stolen credentials. Microsoft estimates that there are 921 password attacks per second. We’ve been educated for years by the security industry and our awareness programs that passwords are the most crucial component to protecting our environments and our information. How is it that this sacred key to our kingdom is actually resulting in opening so many doors for attackers?
NIST has taken steps to try and reduce the bleeding with their new password guidelines and best practices, which encourage passphrases of more characters, less complexity and fewer changes. Are these steps in the right direction to actually keeping us secure?
Many security tools are now providing artificial intelligence around login requests that looks to see if the member is coming from a known device and location prior to providing access. Would implementing these types of risk-based controls with MFA and a passphrase be the answer to our problems?
Biometrics for authentication always seemed to be the next logical step for passwords. We have our basic biometrics on devices; however, those are all backed by a password or PIN. Will we ever get to a place where we’re truly only using biometrics for all authentication?
I understand that Apple, Google and Microsoft are working on a solution together that will get rid of passwords. Instead, they will just leverage the biometrics on your phone as your access code to everything. With this in mind, do we just need to sit tight and all our troubles will soon be fixed?
Moderator: @David Whale - Director Information Security, Fasken Martineau Dumoulin LLP
Speakers:
Sohail Iqbal - CISO, Veracode
Eldon Sprickerhoff - Founder and Chief Innovation Officer, eSentire
Phillip Solakov - Director, Client Solutions, Optiv, Inc.
Recorded on 09-09-2022
Monday Jul 25, 2022
What New Staff Roles Are Necessary for a Growing InfoGov Program?
Information Governance’s focus and influence are rapidly developing. Due to this growth, many may be unprepared on how to staff their organization for these evolving roles. You may wonder where to start or how to evaluate your staffing needs. Join our panel podcast interview, with speakers from law firms, resource providers and application experts who each share a different angle on the new hybrid skills that are needed to bridge RM and IT needs. In addition, we will highlight which skills and roles a growing program should hire for.
Questions that Chuck will ask the speakers:
1. What are some trends developing in the workplace regarding traditional records management roles?
2. What new roles/positions have you seen emerge with the increase of focus on InfoGov?
3. What are some hybrid skills you’ve seen or needed to bridge the gap between RM/IG/IT?
4. What recommendations do you have for firms for educating existing staff v. hiring additional headcount?
5. What do you look for in new employees? IG experience? Records experience? IT experience? None of the above? How do you determine whether someone will be successful in this field?
Moderator: @Chuck Barth - Director of Information Governance, Sheppard Mullin Richter & Hampton LLP
Speakers:
@Steve Huffman - Solutions Director – Information Governance, Williams Lea
@Rudy Moliere - Director of Information Governance, Morgan, Lewis & Bockius LLP
Recorded on 07-25-2022
Friday Jun 17, 2022
Mobile Devices: We Use Them All Day Long - When Do We Start Protecting Them?
This podcast interview session will take a look into our mobile devices (super computers in our pocket) and the built-in security (or lack thereof) around them. Can we rely on our devices out of the box as long as they’re managed, or has the time come where we need to take mobile security to the next level?
Questions that David will ask the speaker:
1. Mobile devices are essentially a smaller version of a computer that can fit in your pocket. They’re on us and in use almost all the time. Confidential information flows to, from and through them, yet we don’t seem to secure them to the same level as a computer. Is that because they’re just secure out of the box? Or are we missing something?
2. What types of threats and attacks should we be concerned about with our mobile devices?
3. A lot of organizations may say we use MDM (mobile device management) to secure our mobile fleet of devices. Is an MDM sufficient?
4. If out of the box security and usage of an MDM is not quite enough, what additional protections should we be looking at?
5. How should different usage patterns and user interfaces of mobile devices factor into an organization's model of the mobile security threat and mobile security solutions?
6. Obviously budgets and staff have an influence on just how much security you can deploy and manage. What would be the top 3 items that all businesses and mobile users should put into place to help protect their mobile devices?
Moderator: @David Whale - Director Information Security, Fasken Martineau Dumoulin LLP
Speaker: @Seth Hallem - CEO & Chief Architect, Mobile Helix
Recorded on 06-17-2022
Friday Apr 01, 2022
Understanding Information Governance: What it is and Why is it So Important
Information Governance… we hear this term all the time in legal, but what does it really mean? Is it referring to controlling the stream of information inside a law firm or law department, or outside one? And what methods are being utilized in today’s law firms and law departments to govern this often critical information?
In this interview session, we will discuss what the term actually means and what effects it can have on firm attorneys and staff. Finally, we’ll learn why having an IG policy is so vital to clients and firms alike.
Moderator: @John Graves - Training Support Specialist, Winstead PC
Speaker: @Jeffrey Sharer - President and CEO, LexShift
Recorded on 04-01-2022
Friday Mar 04, 2022
Security, Privacy and Compliance Tools in M365
Microsoft’s M365 solution includes a growing and evolving number of security solutions. These include MFA, Exchange Online Protection, Advanced Threat Protection and others, some new, some improved.
This podcast will be an overview of the solutions in M365 today, solutions that are either baked into our existing M365 licenses at no additional cost or available at a nominal cost, and that offer the possibility to retire and displace more expensive 3rd party solutions.
Moderator: @Mark Manoukian - IT Director, Kegler, Brown, Hill & Ritter
Speaker: Paul Edlund - Chief Technologist - Midwest, Microsoft
Recorded on 03-04-2022
Thursday Jan 27, 2022
Making Data Governance Digestible
This podcast session will delve into the very real problem of trying to explain data governance to end users and the C-suite. Our experts will tackle the difference between data governance and information governance, the importance of a good data governance program, how to best distribute the responsibility of data governance, and how to keep data fresh, clean, and reliable as we continue to take in more and more.
Questions Chris will ask the speaker(s):
1. Information Governance and Data Governance may often be used interchangeably. Help our listeners understand what the key differences are and why it is important to differentiate them.
2. What should the objective of a data governance program be?
3. Data governance seems very intimidating if you look at it as one person's job. How can information governance and data governance professionals go about engaging the enterprise in good data governance practices?
4. How can IG professionals best make a business case for a data governance program in order to secure resources?
5. What are some real practical strategies for ensuring the cleanliness and reliability of data in an organization?
Moderator: @Christopher Hockey, IGP - Director of Information Governance and Management, Bond, Schoeneck and King, PLLC
Speakers:
Neil Burge - Founder, CEO of Cognopia Pte Ltd.
Steve Bradley - Director, HBR Consulting
Recorded on 01-27-2022
Wednesday Nov 10, 2021
Microsoft Defender for Cloud Apps is the Next Wave in Securing the Cloud
In this podcast interview session, the speaker will provide an overview of Microsoft Defender for Cloud Apps and why it is important. There will be a heavy focus on Microsoft Defender for Cloud Apps as this will be the most natural fit for firms.
Questions Chris will ask Idan:
- What is Microsoft Defender for Cloud Apps? (Begins at 00:36)
- How do you best discover and control unsanctioned cloud apps? (Begins at 1:12)
- What are some policy-based controls? (Begins at 4:09)
- Explain DLP management (Begins at 6:36)
- How does Microsoft Defender for Cloud Apps help with compliance? (Begins at 9:27)
- Please provide us with a deeper dive into using Microsoft Defender for Cloud Apps to improve the security posture of Office 365 and other cloud applications (Begins at 11:26)
Moderator: @Christopher Hockey, IGP - Director of Records and Enterprise Content, Bond, Schoeneck and King, PLLC
Speaker: Idan Basre - Product Manager, Microsoft Cloud App Security
Recorded on 11-10-2021
Tuesday Nov 02, 2021
Enterprise IT Support at Home
In this podcast session, the speakers will discuss changes, challenges, and approaches to supporting enterprise users at their homes.
Helpful timeframe of questions asked/responses in the respective podcast:
(00:39 - 2:37) "What are the Challenges of Supporting Enterprise Users Remotely?"
(2:38 - 4:38) "Did everyone use Citrix and apply to everyone?"
(4:40 - 6:18) "Talk about the scope of working remotely."
(6:22 - 9:23) "Tell us what tools have you used to support the enterprise users at home when working remotely?"
(9:23 - 10:38) "How about support on mobile devices and other devices like speed test, do either of you use these tools?"
(10:39 - 13:24) "How have your support practices changed from moving from an enterprise office to home?"
(13:25 - 15:36) "What new knowledge or certifications have helped you cope with the changing environment?"
(15:37 - 16:29) "What challenges remain?"
(16:30 - 19:07) "What challenges remain on hardware?"
(19:07 - 20:06) "Do either of you support remote printing?"
(20:07 - 21:32) "Does time of day make a difference?"
Moderator: @Mark Manoukian - IT Director, Kegler, Brown, Hill & Ritter
Speakers:
@David Michel - Chief Information Officer - Becker & Poliakoff, PA
@Frank Ziller - CIO, Frontline Managed Services
Recorded on 11-2-2021
Thursday Oct 28, 2021
How to Best Protect Yourself Against Rising Phishing and Smishing Tactics
In this brief podcast, we hope to bring continued awareness to current cybersecurity vulnerabilities and how cybercriminals are evolving to target individuals/businesses using legitimate-looking emails and social media messages.
Moderator: @Carolyn Bragiel - Advisor, Legal E-discovery, Cardinal Health
Speaker: Marissa McDermid - Program Manager, Security Awareness, Resilience
Recorded on 10-28-2021