Below is the full schedule of all events and activities.
The 2017 LegalSEC Pre-Summit Workshop is focused on having a business strategy approach to security. During introductions, the LegalSEC Co-Chairs (Scott Rolf and Sherri Vollick) will outline how this strategy will be covered throughout the day's sessions. And Peter Kaomea, ILTA's LegalSEC Steering Committee Chair, will provide an update on ILTA's LegalSEC® initiative. #ILTALSS #LSS01
If you look at your security from a 10,000-foot view, it can be overwhelming to decide where to invest your security dollars. Money will need to be spent on infrastructure, hardware, operating system and applications. Learn how your money can be well-spent as you hear from peers on where to stack your security dollars. #ILTALSS #LSS02
Each law firm has similar yet varying security needs, and a decision matrix can be used to help you determine how to prioritize your security budget. See how to use this matrix to address your organization's security needs related to cost, labor, necessity, alternatives, pressures, quality and risk. #ILTALSS #LSS03
How does the information you store compare to the data you should be storing? ILTA peers will identify what information they have, where it resides, the risk of having it, and what should be retained or destroyed. #ILTALSS #LSS04
There are many day-to-day tasks involved with keeping your information secure: monitoring and prioritizing threats, implementing and maintaining policies, applying updates, auditing systems, and more. Come hear tales from the trenches and receive practical advice on how to put some structure around your security operations and move beyond putting out fires. #ILTALSS #LSS05
From basic client questionnaires to broad standard information-gathering questionnaires (SIGs), clients are finding ways to comply with regulatory requirements by auditing their vendors (aka law firms). Having a solid plan in place can improve your relationships with clients during this process. Learn how pen testing tools — both internal and third-party — play a role in these security relationships. #ILTALSS #LSS06
Let's explore various types of security incidents, including denial of service, ransomware, outages, pandemics, and the appropriate responses for each. We will talk about emergency communication plans and crisis notification systems, and we will walk through a table-top incident response exercise. #ILTALSS #LSS07
Before leaving for the day, come hear an overview of what was covered and share what you learned. #ILTALSS #LSS08
Enjoy a reception with pre-summit attendees!
Law firms are rich repositories of sensitive data, including material nonpublic information, trade secrets, intellectual property, corporate strategies, personal and financial information, and attorney-client communications. The value of this data is not lost on hackers, who are increasingly exploring ways to monetize and exploit it. What are the cybersecurity threats that law firms should be most worried about? What are the potential consequences if those threats materialize? And what should law firms be doing to protect themselves? #ILTALSS #LSSKEY
In-network threat visibility and detection are considered critical security infrastructure in today’s world where advanced threats and insiders consistently demonstrate that they can evade security prevention systems. But there is hope in deception! Come hear why deception is being recognized for its efficiency in detecting advanced threats, how it works and what use cases are driving adoption. Real-world deployment experiences will demonstrate the reasons why organizations are choosing deception technology. #ILTALSS #LSS10
In a world of inconsistent client demands, state and federal regulations, and operational practicalities, implementing an effective breach notification policy can be daunting. Come explore the factors that should be considered and balanced in this challenging process. #ILTALSS #LSS12
A pen test might be a compliance requirement check box, but that doesn’t always equate to a secure environment or a proper assessment of your operational security. What does? A panel of Red Team members will gather to share their pen test insights on: objectives, planning, implementing and using the results to strengthen your security posture. Come meet the Team! #ILTALSS #LSS09
Scientists at the National Institute of Standards and Technology (NIST) were surprised at one of the findings of their 2016 study on internet use. Study subjects’ responses demonstrated underlying feelings of weariness and hopelessness regarding practices meant to keep information secure. “Security fatigue,” the term they coined to describe it, is defined by the NIST team as “the psychological state one reaches when security decisions become too many and/or too complex.” It seems the quest to improve online security habits and protect information confidentiality may have created a condition that could undermine the time, effort and money we invest in information protection. The NIST research team is on the forefront of discovering more about security fatigue. Their immediate and future research goals are to uncover and understand what might be done to lessen security fatigue’s effect on internet users. Join study co-author and NIST cognitive scientist, Brian Stanton, for a review of the study parameters, results and future research goals. #ILTALSS #LSS11
In today’s world, the term “mobile lawyer” is almost redundant. Unless a lawyer is sitting in their physical office connected to the firm's production network on their firm-provided computer, they’re mobile. And chances are good that they’re doing client work. Our clients demand that we secure our systems and their information, and firms are spending the time and money to put protections in place. But is it too little, too late? Can you truly secure a mobile workforce? #ILTALSS #LSS19
Remember the days when antivirus and Windows Firewall were all the workstation security you needed? The modern threat landscape requires new approaches to the problem of endpoint security, but the choices and options available can be as confusing as the threats themselves. Join us for a presentation on practical approaches to endpoint security in the legal environment, the tools and techniques that have worked for others, and how to get your firm on track to solving this problem. #ILTALSS #LSS16
Are you intrigued by Office 365 but concerned about how your identity is protected and your data secured? What about features such as ediscovery and compliance? Hear about Microsoft’s approach to securing its cloud services and see a demonstration of many security and compliance features offered by Microsoft’s platform. #ILTALSS #LSS30
The legal profession faces new challenges each day in the dynamic landscape of a connected business world. In order to withstand the test of these elements, law firms can check their strength and durability with the help of a penetration test. What new challenges exist for preserving the very assets we need to access to complete our work? Learn more as we discuss new techniques and industry changes related to penetration testing. #ILTALSS #LSS15
New technologies and approaches for encrypting data in motion and at rest will be discussed in the context of usability, security, client requirements and emerging technologies. Join us as we explore various options for encrypting data and how best to maneuver through the obstacles standing between security, client service and end-user functionality. #ILTALSS #LSS18
Data loss prevention (DLP) tools help impede the accidental or unauthorized loss of sensitive data. Since law firms deal almost exclusively in confidential client data, implementing a meaningful DLP program without hindering the practice of law can be an overwhelming task. Sit in as a panel explores these issues and shares recent experiences with DLP implementations in the legal environment. #ILTALSS #LSS14
No perimeter technology is 100 percent bulletproof. Period. It’s not a question of if you’ll be hacked, but when. You must prepare now. Proper security requires a combination of people, process and technology. Understanding that your perimeter will be breached is the first step toward implementing the right processes and technology to mitigate your firm’s risk and protect your client’s data – and your firm’s reputation. Come learn what technologies and processes can be implemented at your firm to mitigate the risk once the threat is inside your perimeter. #ILTALSS #LSS17
Are you frustrated with network vulnerability scanning services that deliver more inaccurate results and frustration than value?
Accuracy matters! Go beyond vulnerability scanning and experience a true vulnerability management solution: Frontline Vulnerability Manager - a progressive and intuitive vulnerability management platform that makes security manageable!
We invite you to join Don Legate, Digital Defense, Inc. Vice President of Sales Engineering, to take a tour of the Frontline Vulnerability Manager user interface. Underpinned by the Digital Defense, Inc. patented scanning technology, recently named by Frost & Sullivan as Best Scan Engine, you will learn about the benefits of this leading edge technology while leveraging the enhanced interface to strengthen your ability to analyze, prioritize and simplify vulnerability management.
In this educational demonstration, Legate will introduce you to exciting ways that law firms can maximize resources and better manage vulnerabilities. #ILTALSS #SL01
What does the future hold for cybersecurity law? Join us for a moderated discussion with two general counsel and security experts on our industry’s future. Hear more about the trends you should watch for, topics of common interest and intriguing examples of hacking. #ILTALSS #LSS27
With almost daily reports of new data breaches and extensive phishing campaigns, the days when you could count on only a username and password for security are at an end. Let's discuss options for adding additional layers of security for user authentication. We will explore a variety of software and hardware tools you can deploy immediately and look ahead to some emerging options (biometric, locational, etc.) you can consider for long-term security planning. #ILTALSS #LSS20
To successfully defend against automated attacks, we must fight fire with fire – or, in this case, machine with machine – by enhancing cybersecurity efforts through automation. Humans are incapable of making quick and highly effective decisions to manually address the volume of incoming threats. Security automation levels the playing field, reduces the volume of threats and allows for real-time detection and response to attack campaigns. Join us as we leverage open-source technologies and the Information Sharing and Analysis Organizations (ISAOs) threat intelligence to gain visibility into network traffic and develop automated workflows for faster prevention of new and previously unknown threats. #ILTALSS #LSS21
The web is the primary vector for exploit and risk to the firm. But access to web resources is a practical reality for law firms. Learn how a secure virtual browser, in use by over 20% of the AmLaw 50, can provide secure, managed access to the web, enable online research, and secure cloud-based applications. #ILTALSS #SL02
Enjoy a reception with conference attendees!
Join us as we look at how a typical ransomware attack is initiated. We'll explore what it looks like, how to trace it back to its origins and steps to recover and prevent reoccurrence. Learn best practices for preventing an attack, recovering from an attack and monitoring for an incident. #ILTALSS #LSS23
Users are the weakest security link in any professional service firm. If one individual’s credentials are compromised, all content he or she can access is at risk through criminal activity that can continue for months without detection. Your clients are demanding action and law firms are being held liable for data breaches. Appropriate segregation of data, working hand in hand with advanced analytics and machine learning to accurately detect malicious activity, is a key part of the answer. However, existing solutions struggle to deliver this at scale given the number of security policies needed in today’s world, and firm productivity suffers. iManage Govern is a platform capable of protecting content in iManage and non-iManage systems. With products that include iManage Security Policy Manager and iManage Threat Manager, iManage Govern has been architected from the ground up to meet today’s security challenges and client expectations without impacting firm workflows and productivity. #ILTALSS #SL03
Do you retain bank or credit card receipts for matters on your network? Do you accept credit card payments? Come learn what Payment Card Industry (PCI) compliance really means for your firm and how to avoid running afoul. You'll hear tips from security experts from some of the leading banks in the country as well as outside security pros that guide their clients through the audit process. If you thought PCI doesn't affect your firm, think again! #ILTALSS #LSS25
Learn how your peers monitor and evaluate their internal cybersecurity programs. Monthly audits, weekly vulnerability scans, checklists and more...we will cover them all! #ILTALSS #LSS24
The amount of effort and resources our clients put into developing a unique product or process that can provide an edge in the business world is substantial. What happens if someone comes in and steals that edge for the benefit of a foreign country? What happens if that theft is achieved by infiltrating the client’s law firm? The damages inflicted from the loss of trade secrets can severely undermine your client through lost revenue, lost employment, damaged reputation, lost investment for research and development, and interruption in production. It could even result in the client going out of business. Economic espionage costs billions of dollars annually and can put national security at risk. Theft attempts by competitors and foreign adversaries are becoming more brazen and more varied in their approach. You must be prepared. An FBI special agent will explain ways to recognize economic espionage, provide security training to your personnel and develop an insider threat program. #ILTALSS #LSS28
Social networking plays an increasingly important role in business and in our personal lives. Wall posts, tweets and videos by and among employees could reveal important company information or even security flaws that allow hackers to defeat the controls of ANY BUSINESS. Attend this presentation to learn how social networking, media and blog activity can be used to compromise the security controls of YOUR ORGANIZATION. We’ll explain the tools and techniques used to mine data and how the information is leveraged against the individual and an institution. You’ll walk away with knowledge on how to steal an identity, defeat the perimeter controls of a network and gain physical access to the facility. #ILTALSS #LSS22
Windows 10 Enterprise introduces a number of new security features that may be promising options for law firms. Our speakers will demystify these features with a review of numerous security initiatives, including the Virtual Secure Mode platform, application whitelisting through DeviceGuard, authentication via Windows Hello for Business and incident response through Windows Defender Advanced Threat Protection. They will also discuss the challenges of deploying and managing these technologies within the legal ecosystem. #ILTALSS #LSS26
Defeating the modern cyber attacker is no longer based on prevention alone. Predictive visibility, detection, incident handling, and post-incident analysis all play critical roles in attack avoidance, early detection, and streamlined incident response. Distributed Deception Platforms (DDP) are now recognized as a core technology for advanced threat detection, automating investigations, and incident response. Join this session to learn how the Attivo Networks Deception and Response Platform changes the game on attackers by closing the detection deficit and by accelerating incident response. #ILTALSS #SL04
When something goes wrong in our network environments, our first consideration is usually restoring service as quickly as possible. We image workstations, rebuild servers and scramble to get systems back online. But in a security incident, these actions can make it difficult or impossible to determine what happened, covering the tracks of an attacker or erasing all signs of the incident. Join us for a discussion of the things your first responders should know to help protect forensic information and keep your investigative options open. #ILTALSS #LSS32
In 2016, one out of five organizations experienced a security breach through mobile devices. As attorneys rely more on their devices for doing business, new threats are emerging. Learn how threats like Hummingbad, Trident, Quadrooter and others can infect your mobile devices and what your firm should be doing to protect them. #ILTALSS #LSS29
Law firms remain prime targets for attacks, and regulations are getting more stringent. How many firms are actually prepared for the General Data Protection Regulation (GDPR)? Law firms qualify as third-party providers, which will affect firms in the U.S. It's no different from HIPAA compliance – firms are covered entities. In the U.S., the New York Department of Financial Services regulation will also apply to firms and requires you to limit access to data to only those who need it. That means an end to "optimistic" security models. Firms will need to lock down content and implement "need to know" security. Are you ready for that? #ILTALSS #LSS13
The Internet of Things (IoT) has garnered a lot of attention over the past few years. Home security concerns over hacking of internet-connected personal and household devices and loss of privacy due to monitoring of personal routines are on the rise. Add voice control to those devices and place them in the home, the office, the car and on ourselves, and we may have created the perfect storm for both personal and professional information breaches and privacy loss. But this doesn't have to be a risky business. Come learn about voice-activated devices that connect to the internet as our speaker shares use case examples and their related risks. Explore ways to set controls on the most commonly encountered devices and identify potential updates to your firm’s policies that address the risk associated with the use of these devices. As an added bonus, this session will kick off with results from an onsite voice-activated IoT study conducted on the first day of this year’s LegalSEC Summit. #ILTALSS #LSS31
In January 2017, the ACC published the “Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information.” Shared Assessments has been publishing cross-industry security baselines for many years. The ISO 27001 international standard is gaining traction in legal. How can we rationalize these different sets of guidelines? Where do we focus?
Come hear Amar Sarwal of the ACC and Jonathan Dambrot of the Shared Assessments Steering Committee break it all down for us.
Avoiding systems failures and loss of service can (and should!) be a significant focus of any law firm. Despite your best efforts to prevent system failures, it can still happen. What do you do when this occurs? Let's discuss how to keep functioning during a crisis. #ILTALSS #LSS33
With an ever-increasing number of cyber threats, the importance of adding visibility and depth to security programs while reducing complexity and noise is at an all-time high. A growing number of products can provide relief by leveraging analytics and computer intelligence to quickly cull data and identify suspicious behavior. Join us to learn how to implement and leverage Microsoft’s Advanced Threat Analytics (ATA) platform to improve your security posture. See how ATA can be used to identify existing weaknesses, such as unsecure authentication methods, and how ATA can alert you to malicious activities such as account enumeration, lateral movement and escalation of privileges. Our panelists will share real-life experiences on their deployments and offer actionable findings that can be used to improve your security analytics capabilities immediately. #ILTALSS #LSS35
Get ready for a comprehensive overview of what's new to security in Server 2016 since Server 2008. We'll review ways to automate the rollout of these features and the group policy/system management tools to implement them. You'll also learn best practices for addressing legal-specific software that is server-based. #ILTALSS #LSS34