Monthly Archive October 2017
eDisclosure: the issues facing law firms and solicitors
by Alan Batey
Information Security Consultant and Forensic Investigator
In today’s world, evidence in legal cases is sourced from the vast quantities of Electronically Stored Information (ESI) that exists across a range of platforms and devices. Acting on behalf of clients, large law firms may have access to eDisclosure platforms to sift, sort, redact and reduce the amount of data that is made available, keeping only those files with relevance to the case in a legally recognised format which preserves the integrity of the data and stands the ultimate test of court acceptance. Smaller firms may not have operated an eDisclosure platform, considering it too expensive or shying away from the complex technology. This is not altogether surprising.
ESI comes from a number of sources: emails, texts, voicemail messages, word-processed documents and databases, including documents stored on portable devices such as memory sticks and mobile phones. Taken together this amounts to an unfeasibly large and complex volume of files. SRM was recently involved in an eDisclosure case where the original ESI involved 1.2TB of data which, in this particular instance, was reduced to 160GB. Although hundreds of gigabytes is more usual, this is still more data than can effectively be processed in a legally acceptable manner without the use of sophisticated management and tools.
Yet many who engage with eDisclosure Platforms find the process is unsatisfactory. They may require assistance with the forensic discovery of electronic documents or need more support in managing the information security risks surrounding the placing of confidential information on a Cloud or server based platform. They may feel their technology partner is unsupportive or that the cost of the exercise lacks transparency. Ultimately, some are worried about the security issues of releasing sensitive information to a third party.
eDisclosure (sometimes known as eDiscovery) projects require extremely high levels of skill, technical expertise and diligence. At SRM we work in conjunction with the legal team to advise and execute the eDisclosure requirement for their client. We define each stage and advise on the ongoing process and progress giving a full breakdown of costs for each stage. Our service is at the cutting edge of eDisclosure technology, saving the clients time and money while achieving best results. We also work effectively and strategically to ensure that disruption to the client’s business is minimal.
When such large volumes of data are made available to a third party, trust is crucial. Our eDisclosure team includes individuals who have worked with the police, MOD and FTSE100 companies. We are the leading PCI Forensic Investigation company in the UK and cyber security supplier to HM Government.
SRM provides a range of highly professional, cost-effective solutions suitable for law firms of all sizes, from the provision of a low cost ‘E-Disclosure Lite’ package to the involvement of Expert Witness Forensic Consultants or the use of a Virtual Chief Information Security Officer (VCISO™).
Can Decision Cycles help us maintain the initiative in cyberspace?
As our world gets increasingly complex we must choose the levers we use to influence it with care. One way to look at this is through the lens of decision cycles.
For those not familiar with this concept, decision cycles are the cyclic process through which we perceive a stimulus, understand its implications, decide on a response and implement that decision. (There are a number of models and references; the best known is Boyd's OODA loop of observe, orient, decide, act.) Simplistically, if we can make effective decisions quicker than our opponents, then we will, theoretically, hold the initiative.
The decision cycle lens is a useful one for those responsible for making decisions about cyber related issues as it throws any dangerous policies into harsh relief.
Most businesses work in a world where their policies, and here I’m talking about management intent rather than paperwork, refresh on a 12 month cycle based on standards which tend to refresh on a 5 year cycle. I note many will be smiling ruefully at this optimistic view!
In today’s information environment many of our risks are changing on a much smaller (faster) cycle, measured in days and weeks rather than months. Our operational tempo is defined not just by the speed of change, but by the way that the speed of change is accelerating.
This presents us with an exciting challenge: if we rely on static policy and processes – and many organisations still do – then we must expect our adversaries to outmanoeuvre us, and our risks to out-evolve our controls.
Where does this take us? Decision Cycle theory gives us a number of areas where we can hard-wire agility into our business systems.
* Firstly, we can ensure that our warning, reporting, alarm and monitoring systems (Technical and Procedural) are tuned to report those events that most concern us.
* Secondly, we can ensure that we fully understand our own vulnerabilities and sensitivities, and the impact that adverse events will have on our operations. We can test and exercise those scenarios that most concern us. We can challenge our own assumptions. This will enable us to understand impacts and qualify outcomes more quickly.
* Thirdly, we do need to understand our own options, their limitations, and review these on a regular basis. This will enable us to make decisions more quickly.
* Finally, we need to ensure that our implementation of these decisions is well planned and, where possible, practised. We must also review effectiveness at every level and make the changes that are required at any part of the cycle.
All of this would seem to be common sense… though is often not done in practice. There are many reasons for this, ranging from technical inertia to process stagnation. The important thing is that we acknowledge and track our challenges – then we can mitigate the changing risks.
If we are able to design agility into our business systems and processes, and if we tune our organisations so that we can take a proactive posture, then we can keep the initiative. The simple decision cycle model then gives us an easy way to challenge our posture on a regular basis to establish where and when change is required.
This is not rocket science, but many of us do seem to find it surprisingly hard. This simple model is one way of stepping forward and bringing effect to bear in our defence.
PCI SSC Europe Community Meeting: free one to one meetings with PCI DSS industry thought leaders
Delegates at the PCI SSC Europe Community Meeting in Barcelona this week will have a lot on their minds. Changes to compliance, the security of customer payment card data, issues concerning the Cloud and the ever-present threat presented by hackers and cyber criminals will have brought the industry together to share in a range of seminars and talks which will help to address these issues.
The agenda is diverse ranging from the keynote presentation by the PCI Security Standards Senior Team on Wednesday to an outline of the security road map for the next generation of payments; from the Miracle on the Hudson to the weaknesses in IoT. So why, with all this information readily available, and so many people offering advice, should you spare half an hour to talk to the guys from Security Risk Management (SRM)?
The short answer is this: people. Yes, we are the leading PCI Forensic Investigation company in the UK and cyber security supplier to HM Government. Yes, our team boasts some of the most highly qualified professionals within the world of information security and, yes, our clients range from enterprises and government departments to SMEs and the third sector so we understand all sizes and types of organisation. But when it comes to working with your business, it is the individuals who really make the difference.
Paul Brennecker has been with SRM since 2008. Formerly he was PCI Compliance Manager with Barclaycard and successfully drove the compliance programme forward, working with both VISA and Mastercard in the process. With many years’ experience and a host of high level qualifications (including QSA), Paul is widely recognised as a PCI DSS compliance thought leader, regularly speaking at events. Known for his approachable manner and depth of knowledge, he has a particular skillset in conducting pre-compliance scoping and de-scoping exercises, conducting gap analysis assessments, creating remediation plans and assisting with intrusion detection and prevention systems. Paul is available at the Barcelona event for free one to one consultations.
James Hopper is SRM’s Operations Director, having worked previously within the worlds of consultancy and local government service improvement, delivering significant Transformation Programmes. He also has experience in consultancy, operations and innovation with a large FTSE 100 outsourcing company and a large NHS organisation. James brings this vast strategic experience to the process of company-wide information security solutions. At SRM he ensures that our service is constantly evolving to deliver first class service to a range of clients across many sectors. With a reputation as a clear-thinking no-nonsense problem-solver, James can cut through to what is specifically required so that top level compliance can be achieved in a cost-effective manner. James is also available at the Barcelona event for free one to one consultations.
James and Paul are interested in meeting those involved with PCI DSS compliance programmes. They also have a thorough knowledge of the whole information security sector and can advise on other issues as part of a company-wide strategy. But they are only two people from a highly skilled, experienced team and, where necessary, they can put you in touch with someone with a specific expertise.
Established in 2002, SRM has a proven track record in the industry. As a company it continues to grow in excess of industry norms. It is structured to respond to the continual changes within the world of information security and to ensure that its innovative service offerings evolve to better suit the needs of existing and future clients.
To book your free consultation simply email firstname.lastname@example.org or email@example.com.
To find out more about us, visit http://www.srm-solutions.com or to read our blog visit http://blog.srm-solutions.com/
What is Red Team engagement?
By Andrew Linn, Principal Consultant
The news this year has been full of high profile hacks on large organisations. These have included malware and ransomware attacks which have brought notoriety to a number of shadowy hacking groups and their victims: the Shadow Brokers released stolen US National Security Agency (NSA) tools in April, while the hackers calling themselves Mr Smith breached HBO's security in August.
Of course, anyone reading the news knows these were not isolated incidents. Other notable incidents included the WannaCry ransomware, the various forms of Petya malware and Cloudbleed. With ingenuity, intelligence and malicious intent on their side, hacker groups use their collective skills to exploit any weakness in an organisation’s cyber defences. So how can an organisation defend itself from the bad guys? By working with the good guys through Red Team engagement.
To counteract the offensive strategies of gifted hackers, you need equally gifted counter-hackers. Red Teaming is not a penetration test; it is more of a philosophy which involves acting as a potential adversary. The Red Team focuses on the objective of the engagement and examines this from a number of different angles pulling together a plan of attack using a range of different techniques and abilities; testing procedural, social and physical components of security in addition to technical controls. Penetration testing techniques and skills form one aspect of Red Teaming but the service goes well beyond that; to the use of an adversarial mindset to determine strategy and policy making.
In practice, Red Team engagement involves working with ethical, skilled and experienced professionals who act like true hackers, simulating internal and external hacking attempts to test the response on a client’s system. With client permission, the Red Team seeks to break through the hardened perimeter, using the weakest identifiable point, to gain access to the organisation’s system. Using common hacking techniques they seek to gain a foothold and then tunnel their traffic back out through ports that are almost always open for business use, usually HTTP or HTTPS on the web ports, so that the compromised machine can communicate with servers the team controls outside the organisation without being detected. Those servers, benign only because the engagement is authorised, then act as command and control for devices that have been planted or compromised inside the client’s network.
In addition to a rigorous examination of the organisation’s security controls, a Red Team engagement will exercise incident detection, response and management. This can be linked to a wider incident simulation process testing procedures and response capability throughout the business.
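The blue-team side of the behaviour described above is worth seeing in code. A command-and-control channel hidden on port 443 looks like ordinary web traffic in volume terms, but an implant that calls home on a timer leaves a tell: its connections to one destination are evenly spaced, while real browsing is bursty. The following is an added example, not SRM's code or tooling: it parses constructed proxy log lines (the log format, IP addresses and timestamps are all invented for illustration) and scores each client-to-destination flow by the regularity of its connection intervals, flagging flows whose coefficient of variation is low. The thresholds (`min_intervals`, `max_cv`, `min_gap`, `max_gap`) are assumptions to be tuned to the environment.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed egress-proxy log lines for illustration (not real traffic).
# Fields: timestamp src_ip dst_ip dst_port method bytes_out
#   10.1.2.34 -> 203.0.113.10:443  : an implant calling home roughly every 60 s
#   10.1.2.34 -> 198.51.100.20:443 : ordinary, irregular browsing
#   10.1.2.35 -> 192.0.2.5:443     : too few observations to judge
SAMPLE_LOG = """
2017-10-03T09:00:00 10.1.2.34 203.0.113.10 443 CONNECT 412
2017-10-03T09:00:07 10.1.2.34 198.51.100.20 443 CONNECT 15230
2017-10-03T09:00:09 10.1.2.34 198.51.100.20 443 CONNECT 2201
2017-10-03T09:00:30 10.1.2.35 192.0.2.5 443 CONNECT 980
2017-10-03T09:01:01 10.1.2.34 203.0.113.10 443 CONNECT 410
2017-10-03T09:01:30 10.1.2.35 192.0.2.5 443 CONNECT 975
2017-10-03T09:01:59 10.1.2.34 203.0.113.10 443 CONNECT 415
2017-10-03T09:02:40 10.1.2.34 198.51.100.20 443 CONNECT 8804
2017-10-03T09:03:00 10.1.2.34 203.0.113.10 443 CONNECT 409
2017-10-03T09:04:02 10.1.2.34 203.0.113.10 443 CONNECT 411
2017-10-03T09:04:59 10.1.2.34 203.0.113.10 443 CONNECT 413
2017-10-03T09:05:15 10.1.2.34 198.51.100.20 443 CONNECT 31002
2017-10-03T09:05:16 10.1.2.34 198.51.100.20 443 CONNECT 1190
2017-10-03T09:06:00 10.1.2.34 203.0.113.10 443 CONNECT 412
2017-10-03T09:06:50 10.1.2.34 198.51.100.20 443 CONNECT 4460
2017-10-03T09:07:01 10.1.2.34 203.0.113.10 443 CONNECT 410
this line is malformed and must be skipped, not crash the detector
"""

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\d+) (\S+) (\d+)$')


def parse_log(text):
    """Return (timestamp, src, dst, port, bytes_out) tuples; skip bad lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # blank or malformed: a detector must tolerate dirty logs
        ts, src, dst, port, _method, nbytes = m.groups()
        events.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return events


def beacon_scores(events, min_intervals=4):
    """Per (src, dst, port) flow: number of connections, mean gap in seconds
    and coefficient of variation of the gaps (low CV means a regular timer)."""
    by_flow = defaultdict(list)
    for ts, src, dst, port, _ in events:
        by_flow[(src, dst, port)].append(ts)
    scores = {}
    for flow, times in by_flow.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) < min_intervals:
            continue  # not enough evidence either way
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue  # duplicate timestamps only; nothing periodic to measure
        scores[flow] = {
            'count': len(times),
            'mean_gap': mean_gap,
            'cv': statistics.stdev(gaps) / mean_gap,
        }
    return scores


def flag_beacons(scores, max_cv=0.2, min_gap=5.0, max_gap=3600.0):
    """Flows regular enough, and with a plausible sleep interval, to triage."""
    return sorted(flow for flow, s in scores.items()
                  if s['cv'] <= max_cv and min_gap <= s['mean_gap'] <= max_gap)


if __name__ == '__main__':
    scores = beacon_scores(parse_log(SAMPLE_LOG))
    for flow in flag_beacons(scores):
        s = scores[flow]
        print(f"{flow[0]} -> {flow[1]}:{flow[2]}  n={s['count']}  "
              f"mean={s['mean_gap']:.1f}s  cv={s['cv']:.3f}")
```

Two caveats a red team will exploit and a detection engineer should expect: implants add random jitter to the sleep interval, so the `max_cv` threshold has to be chosen against the jitter range you care about rather than set to near zero, and a flow seen only a handful of times proves nothing, which is why `min_intervals` refuses to score it rather than quietly report a perfect CV from a single gap.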
Opening up an organisation’s entire network and allowing a third party to effectively breach security defences requires a high degree of trust. Experienced, highly qualified Red Teams are few and far between. At SRM our Red Team is comprised of ex-police High Tech Crime Unit officers and qualified ethical hackers, and includes holders of the Offensive Security Certified Professional (OSCP) certification. At SRM, OSCP training is part of our ongoing professional development programme.
eDiscovery and eDisclosure: why, what, how and who?
For many years the terms eDiscovery and eDisclosure have been used interchangeably. The general rule was that eDiscovery was a US term while eDisclosure was more commonly used in the UK. Recently, however, the terms have taken on more precise meanings. Both eDiscovery and eDisclosure relate to the processing and production of Electronically Stored Information (ESI) data, usually for legal proceedings.
Nowadays evidence is not limited to written correspondence. It can take the form of emails, texts, voicemail messages, word-processed documents and databases and documents stored on portable devices such as memory sticks and mobile phones.
Added together these can amount to hundreds of thousands of documents from multiple sources, not all of which have any relevance to the legal matter in hand. So they need to be sorted in a legally recognised way, in their original state and in a way that maintains the integrity of the data.
eDisclosure describes the ‘what’ element of the process. In short, it describes the provision of ESI in a format that can be shared by lawyers for production in court. It is a specific term used in the Civil Procedure Rules of England and Wales but is also widely used by those involved in the processing of ESI for legal purposes. The volume of data needs to be reduced so that all potentially relevant files are available in one place to the opposing counsels and the court.
eDiscovery describes the ‘how’ element of the process. Not all eDiscovery cases lead to legal proceedings. eDiscovery is the process of using tools to find the relevant data, so that it can be interrogated securely, analysed efficiently by experts and delivered with the assurance needed to pass the ultimate test of court acceptance. It involves the sifting of data for relevance, the redaction of files and the reduction of the sheer volume of data. In a recent eDiscovery project conducted by SRM’s specialist team 1.2TB of data was reduced to 160GB.
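Both this section and the earlier eDisclosure piece rest on the same requirement: reduce the volume while proving that what remains is in its original state. The usual way to make that provable is to hash every collected file at acquisition time into a manifest, use the hashes to collapse exact duplicates (one cheap part of the reduction), and re-hash later to show nothing was altered or lost between collection and production. The following is an added example, not SRM's tooling or any particular eDiscovery platform's code. It builds a tiny constructed collection in a temporary directory (the file names and contents are hypothetical), produces a manifest in the `digest  path` format that `sha256sum -c` reads, reports exact duplicates, and then detects a modified and a deleted file.

```python
import hashlib
import tempfile
from pathlib import Path

CHUNK_SIZE = 1 << 16  # stream in 64 KiB pieces so multi-GB files never sit in memory


def sha256_file(path):
    """Hex SHA-256 of a file's contents, read in chunks."""
    digest = hashlib.sha256()
    with open(path, 'rb') as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b''):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob('*')) if p.is_file()}


def write_manifest(manifest, out_path):
    """Write 'digest  path' lines; this is the format `sha256sum -c` accepts."""
    with open(out_path, 'w', encoding='utf-8') as fh:
        for rel, digest in sorted(manifest.items()):
            fh.write(f"{digest}  {rel}\n")


def exact_duplicates(manifest):
    """Group paths whose contents are byte-for-byte identical (same digest)."""
    groups = {}
    for rel, digest in manifest.items():
        groups.setdefault(digest, []).append(rel)
    return {d: sorted(paths) for d, paths in groups.items() if len(paths) > 1}


def verify(root, manifest):
    """Re-hash the collection against the manifest; report what is missing or changed."""
    root = Path(root)
    problems = {}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.is_file():
            problems[rel] = 'missing'
        elif sha256_file(p) != expected:
            problems[rel] = 'modified'
    return problems


# --- constructed sample collection (hypothetical names and contents) ---

def make_sample_collection():
    root = Path(tempfile.mkdtemp(prefix='esi_'))
    (root / 'mail').mkdir()
    body = b'From: alice@example.test\nSubject: contract\n\nPlease sign and return.\n'
    (root / 'mail' / 'msg1.eml').write_bytes(body)
    (root / 'mail' / 'msg1 (copy).eml').write_bytes(body)  # exact duplicate
    (root / 'notes.txt').write_bytes(b'meeting notes\n')
    return root


def tamper_with_sample(root):
    """Simulate post-collection changes that a later integrity check must catch."""
    root = Path(root)
    (root / 'notes.txt').write_bytes(b'meeting notes (edited after collection)\n')
    (root / 'mail' / 'msg1.eml').unlink()


if __name__ == '__main__':
    root = make_sample_collection()
    manifest = build_manifest(root)
    write_manifest(manifest, root.parent / (root.name + '.sha256'))
    print('exact duplicates:', exact_duplicates(manifest))
    tamper_with_sample(root)
    print('integrity problems:', verify(root, manifest))
```

Two points of practice: the manifest must be written to a location outside the collection (here its parent directory) and itself protected, otherwise an attacker or a careless process can rewrite both the file and its recorded hash; and hash-based de-duplication only removes byte-identical copies, so the far larger reduction from relevance review and redaction still has to be recorded step by step so the chain from the 1.2TB original to the 160GB production can be explained in court.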
eDiscovery and eDisclosure projects require extremely high levels of skill, technical expertise and diligence. At SRM we work on behalf of the client but in conjunction with the legal team to advise and execute the eDiscovery requirement. We define each stage and advise on the ongoing process and progress giving a full breakdown of costs for each stage. Our service is at the cutting edge of legal technology, saving our clients time and money while achieving best results. We also work effectively and strategically to ensure that disruption to the client’s business is minimal.
When such large volumes of data are made available to a third party, trust is crucial. Our eDiscovery and eDisclosure team includes individuals who have worked with the police, MOD and FTSE100 companies. We are the leading PCI Forensic Investigation company in the UK and cyber security supplier to HM Government.