case studY A
 
  Pivot Group Ends a Disgruntled Employee's Reign of Terror
  1. DYNAMICS
    1. Medium-Size Law Firm
    2. One Location
    3. Major Practice Areas = Corporate and Class Action Litigation
    4. Primarily a Windows Environment

  2. INFORMATION SECURITY ISSUES
    1. Disgruntled Employee
    2. Security Breach
    3. NO Protection of Confidential Information
    4. NO Back-Up and Recovery Plan
    5. NO IT Security Policies

  3. BUSINESS ISSUES
    1. Loss of Confidential Information
    2. NO System or Application Back-Ups
    3. Threat of Extortion
    4. Firm Liability and Reputation

  4. SECURITY SOLUTIONS
    1. Notify Appropriate Authorities
    2. Change All Access Controls
    3. Back-Up All Systems and Data
    4. Notify Clients
    5. Deploy Access Monitoring Tools
    6. Regular Assessments
    7. Develop and Enforce Access, Appropriate Use, and Incident Response Policies
    8. Deploy Automated, Secure Back-Up and Recovery Policies as well as Technologies
    9. Security Training and Education

  5. OUTCOME
    1. Firm was able to salvage all data. Provided enough evidence to issue a warrant for his arrest and pursue a civil lawsuit against the Disgruntled Employee.
    2. Firm implemented a proactive security program in order to mitigate future damages from security breaches in a more cost effective manner.    
 
copyright | privacy | terms of use | site map