CISO’s profiles rise as their reach extends into legal
Security Extra, February 18, 2008
With the vast amount of electronic data that companies deal with these days, legal professionals are becoming overwhelmed and overworked trying to keep up with it all. That’s why legal departments and Chief Information Security Officers (CISOs) are beginning to form relationships that allow them to work closely together and bridge the gap between themselves and their clients’ digital documents. However to successfully do so, the author of this article offers a variety of ideas CISOs should keep in mind while working with legal departments.
- Strong communication with Legal. Some companies form “working groups” that facilitate planning, coordination and trust. IS should select representatives who are not put off by lawyers or how they communicate.
- Technology capable of efficiently searching, locating and collecting data from every single server, workstation and laptop in the company. Enterprise-wide solutions that automate data collection (including metadata) usually also provide the logging and documentation that may be crucial to the lawyers at a later date. Having a common platform to support electronic disclosure, regulatory collections, internal fraud investigations, computer security incident response, internal audit, and other key processes allows the company to dramatically reduce the cost per activity by amortizing the cost of the platform over many different events, minimizing the employee training required, and reducing the amount of outsourcing to expensive consultants.
- Strong project management. Smart project management not only gets the job done efficiently, but keeps an eye on documentation in a way that reassures courts and regulators.
- Processes that is defensible and repeatable. Ad hoc approaches to data collection increase doubt and suspicion by lawyers, courts and regulators. Repeatable process increase IS’s ability to ensure compliance with best practices, rules of evidence and data protection laws.
For more information on how to successfully bridge the two versatile departments together, check out this article and see how you can implement such an environment in your own workspace.