HR Executives are faced with greater risks than ever before when it comes to data security and employee behaviors. This is an overview of processes and emerging risks.
Presentation Highlights:
• KEEP passwords and data private
• Greatest risk is from the inside
• Spoliation risks in legal matters
• Security Analytics and Employee Monitoring
Digital Forensics, eDiscovery, & other
Technology Risks for the HR Executive
The Lorenzi Group
p@SSw0rDz
Match.com
• Less is More, hire a professional
This line of questioning could open discrimination issues
Concepts of Security are Changing
• The only thing you should be secure about is that nothing is secure
• Organized Crime
• Random
• Employees
• Hacktivists
Greatest Risk to Business?
• Employees, Contractors, Vendors & Partners
• Inside vs. Outside
• Don’t stop protecting outside…..
Virtual Machines & Child Porn
• The virtual world is going virtual
• CP (or CSAI – See-S-eye) is an addiction
• Pirated media a (profitable) hobby
• High bandwidth, “ghost” (vmware)
The only thing you need to know:
Liability is HUGE.
Digital Forensics & eDiscovery
• 2 Step Process
  • Capturing and preserving everything
  • Preparing the “Useful” information
SMILE!
Digital Forensics Using a 35mm Camera
• Create a Forensic Image (Preserve Data): Take a Picture
• Restore the Forensic Image: Develop the Film
• Analyze the Information: Choose the Pictures you want
• Report (and Testify) as necessary: Build a Scrapbook
Digital Forensics
E-Z eDiscovery
1. Convert paper to electronic images
2. Combine images with Digital Forensics results
3. Filter out Unnecessary Info
4. Review Results
5. Submit
SPOLIATION
• The alteration and/or destruction of data
• Examples:
  • Resending an email
  • Opening a Word document
  • Deleting a picture
  • Turning on a computer
Litigation Hold
Legal Notice
Starts the moment litigation becomes reasonably possible
Requires parties to preserve all potential evidence
Failure to abide could bring sanctions, fines, dismissal of case, & criminal charges
The IT Department – Your BEST Friend… and WORST Enemy
• Digital Forensics is all about 3 things:
  • Process
  • Experience
  • Defensibility
• CAN IT do some/all of it? Maybe.
• SHOULD IT do some/all of it? NO.
Any time…
You think internal is better/cheaper/faster…
• Remember:
  • Legal, Financial, & Criminal Liability
  • IT fear of public speaking
  • Interpersonal relationships…… (ask about this)
Employee Monitoring
• It’s not Big Brother, it’s SMART Business
• Improves Data Security Exponentially
  • Mistakes
  • Desperate
  • Criminal
• Makes Compliance Easier
• Can provide Productivity metrics
  • Termination Justification
  • Training Needs
  • Resource Allocation
  • Cost Saving Opportunities
Examples:
Lockheed, Fidelity, USPS, Kaiser Permanente
BYOD
• Stored Communications Act
• Employee Owned/Company Paid
• Company Owned
EADV
Electronic Devices and Social Media Misuse
Major initiative for 2012
ADA
• EU says websurfing is an addiction
• What does the US say?
• REALLY????
Thoughts
Social Media is good
Acceptable Use Policies are required
Detailed Background Checks are better than FB pages
Ongoing Training & Reminders are critical
Thank You
Rob Fitzgerald
The Lorenzi Group
866-632-9880 x123
www.thelorenzigroup.com