OnDemand

Fortifying the Corporation and Law Firm Against Cyber Threats: Steps to Establish an Effective and Economic Cybersecurity Regime

Price: $224 OnDemand

FULFILL ALL YOUR CONTINUING EDUCATION CREDITS FOR $399

Sign up today for an entire year of unlimited access to relevant, timely professional learning courses, including webinars, eLearning courses and OnDemand offerings, and keep your professional credits up to date. All for just $399.

Learn more about the subscription!

SUSCRIBE NOW

DESCRIPTION

This program will provide current information and lessons learned in the cybersecurity, data breach, privacy and IT security compliance areas facing the legal ecosystem of 2014 and beyond. The faculty includes a corporate specialist and outside counsel, both with expertise in cybersecurity; a forensically trained cybersecurity investigative expert who formerly directed the FBI’s cybersecurity resources; and a certified financial expert who specializes in boards of directors and C-Level risk assessments and mitigation.

The topics focused on—penetration testing, vulnerability assessments, cyber insurance, security monitoring, audits and incident response—will elevate attendees’ technical knowledge, vernacular and practical understanding of cyber-threats, their prevention (legal risk assessment), IT security realities, incident response methodologies and data security issues from legal, operational and investigative perspectives.

The faculty will discuss the manner in which an organization may develop a comprehensive cyber audit program to assess risk as well as audit programs that use, in equal parts, “cyber technology know-how” and “social programming.” Social programming is the sum of learned and unlearned employee behaviors in an organization that inadvertently aids hackers, professional thieves and other dedicated adversaries in the defeat of the latest in data security technology using a variety of techniques, generally referred to as ”social engineering.” Although social engineering is a specific subset of cybersecurity, one need not possess a degree in computer science, nor even a significant grounding in cyber technology, to comprehend the manner in which an understanding of social programming and social engineering are vital in establishing an effective cybersecurity regime.

Until problematic employee behaviors and inherent cyber threat-related personality and occupational deficiencies are formally and comprehensively addressed through testing and subsequently remediated, organizations will continue to expend frequently large sums of money upon IT “cyber solutions” that, while providing a false sense of security, will leave an entity remaining markedly exposed to cyber attacks.

Educational Objectives:
1.Understand the manner in which “social engineering” can be effectively countered and cyber attacks stymied.
2.Discover the following aspects of cybersecurity and their attendant technical features:
        a. Penetration testing (and understanding a hacker’s world)
       b. Scanning of system infrastructures in order to reveal network vulnerabilities
       c. The monitoring of data flows behind a system’s firewall to assure network security
       d. The forensic investigation of the breach of various systems (such as a hosted environment) 
       e. The assessment of mobile devices in search of malware and other security vulnerabilities.
3.Learn the primary technologies used to minimize network vulnerabilities.
4.Understand the types and uses of cyber audits.
5.Consider the OCIE Cybersecurity Initiative and NIST’s “Framework for Improving Critical Infrastructure Cybersecurity.”
6.Hear about the use of table-top exercises and executive training programs.
7.Understand how to leverage eDiscovery and forensic resources for cybersecurity audits and incident response reviews.
8.Learn about techniques to prevent damage to network systems arising as a result of the failure of antivirus software (it is estimated that, at present, no more than 45 percent of cybersecurity attacks are caught by antivirus software).

Who would benefit most from attending this program?
Compliance, risk, IT security executives and legal counsel, including:
• Attorneys advising corporations and other organizations (including law firms) on cyber risk.
• In-house counsel and chief legal counsel for corporations.
• Senior executives and board members.
• Chief security officers.
• CIOs serving as leaders in the cyber risk area for their organizations.
• HR management personnel that seek to play a much larger leadership role in their firm and/or have been given the mandate by the CEO to head up data security training and education for the firm.
• Cyber-technology specialists in all aspects of the cybersecurity field.
• eDiscovery specialists seeking to understand the manner in which to best leverage their expertise in addressing cyber risk.


SPEAKERS

ROBERT ALAN EISENBERG, THE EMPIRE CONSULTING GROUP

Robert Eisenberg is a Managing Director of the Empire Discovery Consulting Group. He is based in New York City and Washington, D.C. Mr. Eisenberg frequently conducts seminars, CLE courses, webinars and other presentations on the subjects of eDiscovery, computer forensics and information governance. He is the Founding Chair of The Advanced E-Discovery Institute at The Georgetown University Law Center. The Institute offers the only annual CLE program dedicated to the discipline of eDiscovery in the United States sponsored by a major law school and is presently in its 11th year. Mr. Eisenberg is also the originator and founding co-chair of Georgetown Law Center's eDiscovery Training Academy; a unique school for the comprehensive practical training of attorneys, practice support professionals and technical specialists in the entire spectrum of legal strategies and technological services that constitute the full practice of electronic discovery. He is the chair of Georgetown Law's eDiscovery Practice Support Distance Learning Program, and he sits on the Advisory Board for Bloomberg BNA's eDiscovery Resource Center. Mr. Eisenberg earned a J.D. from Hofstra University School of Law.


FRANKLIN H. KRAHN, MAYO CLINIC

Frank Krahn has been affiliated with the Mayo Clinic for more than 30 years. He currently is the Director of Investigations & Legal Discovery, Internal Audits, at Mayo. Mr. Krahn holds numerous certifications, including Certified E-Discovery Specialist, Certified Information Systems Security Professional (CISSP), Certified Risk and Information System Control, Certified E-discovery (Advanced), Certified Computer Crime Investigator (Advanced Level) and Certified Computer Forensic Technician (Advanced Level). He is a member of the High Tech Criminal Investigators Association (HTCIA), the High Tech Crime Network and InfraGard. Mr. Krahn has served on the editorial review board for the Journal of Computer Crime Investigations and Forensics, is a past board member of InfraGard and HTCIA MN. He has also taught classes for or consulted with various law enforcement agencies including the MN State Patrol, the MN Crime Prevention Annual Meeting, and local law enforcement.


SCOTT K. LARSON, LARSON SECURITY, LLC

Scott Larson, former FBI Cyber Crime Chief, is a digital forensics, cyberesecurity, cyber crime and cyber espionage expert who serves as a trusted adviser to the Fortune 500, law firms, medical non-profits and governments in data preservation, incident response, cyber security and other complex technical, legal and regulatory issues. He has served as a Court Neutral Expert in the Congressman Jefferson case, as the FBI's expert for a hack into the U.S. Supreme Court, and hacking cases of presidential & congressional campaigns. In 2011, he participated in the White House's National Security Counsel's Botnet Mitigation Working Group. Other work includes audit committee investigations, consumer protection settlement testimony in front of the Federal Trade Commission (FTC) and state Attorneys General, cutting-edge research & development, lab build-outs, embedded staff forensic/analytic knowledge transfer and out-of-band Advanced Persistent Threat (APT) mitigation and remediation.

While with the FBI, Mr. Larson led the computer investigations and infrastructure program responsible for investigations, operations, personnel and program budget for all 56 field offices. He represented the FBI in the G8 and Interpol working groups and also served as an adjunct professor, overseeing the curriculum and instruction of the CFS 499 Computer Forensics Capstone Project at Metropolitan State University. Among Mr. Larson's professional certifications are Certified Information Systems Security Professional (CISSP); AccessData Mobile Examiner (AME); AccessData; Certified Information Privacy Professional (CIPP); International Association of Privacy Professionals (IAPP); Certified Information Security Manager (CISM); Information Systems Audit and Control Association (ISACA); Qualified Security Assessor (QSA); Payment Card Industry Security Standards Council (PCI SSC); Forensic Examiner of Computer Evidence, FBI Laboratory; Evidence Response Technician & Evidence Response Team (ERT) Leader, FBI. He is a graduate of the University of Saint Thomas, Minneapolis-St. Paul.


ROBERT A. MESSEMER, NIELSEN

Robert "Bob" Messemer serves as the Chief Security Officer for Nielsen, a position to which he was appointed in October 2007. Nielsen, based in New York and Amsterdam, is the world's leading consumer preference measurement and marketing research firm operating in 100+ countries. Nielsen measures consumers' television viewing, online preferences as well as their purchasing decision preferences in consumer packaged goods. As Nielsen's Chief Security Officer, Mr. Messemer is the most senior security executive responsible for creating Nielsen’s security strategy, cybersecurity and data protection programs as well as protecting Nielsen's people, data and intellectual property. He serves as a full-time member of the Nielsen Audit Committee. Over the past seven years, Mr. Messemer has conducted several complex, global investigations and exerted strong leadership in risk management. Previously, he served with distinction as a Federal Bureau of Investigation Special Agent in several key leadership roles for 24 years, having retired in September 2007 to assume his current position.


STEFAN WHITWELL, EMPIRICAL SOLUTIONS, LLC

Stefan Whitwell, CFA, CIPM has two decades of investment and risk management experience. Prior to co-founding his own firm, Mr. Whitwell worked for Goldman Sachs, Credit Suisse and James D. Wolfensohn, Incorporated. He advises clients on measures to be undertaken in order to secure data.

Mr. Whitwell is a graduate of the Wharton School of Business at the University of Pennsylvania and has earned the CFA Charter and CIPM Certificate from the CFA Institute, where he is a regular volunteer. He is a B.O.S.S. outdoor survival school graduate, trains in Gracie Jujutsu, plays the violin and is fluent in Japanese.

 


DAVID A. ZETOONY, BRYAN CAVE LLP

David Zetoony is a partner with Bryan Cave and leader of the firm's data privacy and security practice. He specializes in consumer protection and has extensive experience advising clients on how to comply with the advertising and data privacy rules and regulations of the Federal Trade Commission, representing clients before the Commission, and defending class actions brought under state consumer protection statutes. He has spoken and written extensively on cybersecurity issues.

Mr. Zetoony earned a J.D. from the University of Virginia and a B.A., cum laude, from Rice University. He is admitted to practice in the District of Columbia and Virginia as well as before the U.S. Supreme Court; the United States Courts of Appeals for the Third, Fourth and District of Columbia Circuits; and the U.S. District Courts for the District of Columbia, Eastern District of Virginia and District of Maryland.