Tuesday, May 29, 2007
Documentum and SharePoint: A Perfect Partnership
As more and more organizations recognize the value of the Microsoft SharePoint collaboration and content management platform, they are also realizing that their content management requirements often exceed what SharePoint can deliver. EMC has partnered with Microsoft to fully integrate the EMC Documentum platform with Microsoft Office SharePoint Server (MOSS) 2007 to fill in the gaps in content management but retain what SharePoint brings to the table in terms of services and UI. I recently talked with Lance Shaw, senior product manager at EMC, to learn more about the two products that resulted from this collaboration: Documentum Archive Services for SharePoint and Documentum Content Services for SharePoint.
According to Shaw, companies that are using SharePoint face several business challenges because of how easy it is for users to quickly get a SharePoint site up and running, which can lead to hundreds of thousands of sites across an organization. Companies are struggling to find cost-effective ways to manage all these disconnected information silos long-term and in a centrally controlled manner. "I talk to IT managers all the time who are concerned with the proliferation of SharePoint sites," said Shaw. "When you move into terrabytes of data, the long-term storage of that data becomes a cost concern. Companies need to be forward-looking and find a solution ahead of time rather be reactive a few years later." Companies also need to be concerned with information retention policies and compliance issues as well as electronic discovery for litigation purposes.
To address these concerns, EMC has created two products, which, used together, provide a total document management and archival solution: Archive Services for SharePoint and Content Services for SharePoint. Archive Services lets individuals use SharePoint as they normally would, but at some point the process or project is complete and data can be archived. Archive Services lets you move content to a designated Documentum repository to free up resources on your SharePoint server. The other half of the duo, Content Services, lets you browse, search, find, and take action on documents (depending on access controls), without having to leave SharePoint.
With these two tools, Documentum customers now have a friendly front-end for their information management infrastructure, and SharePoint users gain long-term storage, better compliance and retention policy capabilities, and enhanced content services that augment and extend the SharePoint platform and make it even more successful in an organization.
To view entire article: click here
---------------------------------------
Source: WindowsITPro
Destructive Nature: Decommissioning Legacy Drives
May 29, 2007: When you are decommissioning hard drives from old PCs and MFDs, make sure that the only thing being salvaged on the second hand market is the value of the hardware and not the information in it.
“Think about how much people spend on security,” said Jorge Silveira, Executive Director of Consulvest, the distributor for data destruction appliance, the “Dead on Demand” Digital Shredder. “Business will spend vast amounts on security, but what happens when you decommission a hard drive? People just don’t think about that.”
The black box does what its name says: it shreds digital information lurking on old hard drives, beyond forensic recovery. Part of Silveria’s marketing collateral is a certificate from the City of Portsmouth, New Hampshire Police Department.
The DS-200 Digital Shredder is now being sold in Australia for A$20,000 or $460 per month on a 60 month lease.
According to Silveria, the three main methods of destroying information from hard drives are not fool proof. The problem with degaussing (removing an unwanted magnetic field) says Silveria, “is how do you verify it? By forensic testing? And how expensive is that?” Mechanical destruction using a drill, hammer or shredder only removes information from those parts destroyed while triple over-writing fails to delete shadow data and areas of the disk used for disaster recovery.
Silveria believes the $20,000 machine his company Consulvest is offering resolves these issues with its broad, low frequency magnetic sweep over the hard drive’s platter, eliminating all information from it. This, apparently, allows the sweep to go deeper and wider than when done at the normal frequency.
The digital shredder has three drawers (called “personality blocks”) in to which 2.5-3.5 inch, ATA, SATA or Scuzzy hard drives can be lodged and then inserted into the appliance for destruction. Destruction processes are controlled using a stylus and LCD touch screen where the command to “secure erase” can be activated.
To view entire article: click here
---------------------------------------
Source: idm.net.au
“Think about how much people spend on security,” said Jorge Silveira, Executive Director of Consulvest, the distributor for data destruction appliance, the “Dead on Demand” Digital Shredder. “Business will spend vast amounts on security, but what happens when you decommission a hard drive? People just don’t think about that.”
The black box does what its name says: it shreds digital information lurking on old hard drives, beyond forensic recovery. Part of Silveria’s marketing collateral is a certificate from the City of Portsmouth, New Hampshire Police Department.
The DS-200 Digital Shredder is now being sold in Australia for A$20,000 or $460 per month on a 60 month lease.
According to Silveria, the three main methods of destroying information from hard drives are not fool proof. The problem with degaussing (removing an unwanted magnetic field) says Silveria, “is how do you verify it? By forensic testing? And how expensive is that?” Mechanical destruction using a drill, hammer or shredder only removes information from those parts destroyed while triple over-writing fails to delete shadow data and areas of the disk used for disaster recovery.
Silveria believes the $20,000 machine his company Consulvest is offering resolves these issues with its broad, low frequency magnetic sweep over the hard drive’s platter, eliminating all information from it. This, apparently, allows the sweep to go deeper and wider than when done at the normal frequency.
The digital shredder has three drawers (called “personality blocks”) in to which 2.5-3.5 inch, ATA, SATA or Scuzzy hard drives can be lodged and then inserted into the appliance for destruction. Destruction processes are controlled using a stylus and LCD touch screen where the command to “secure erase” can be activated.
To view entire article: click here
---------------------------------------
Source: idm.net.au
Tips for a security team's role in e-discovery
Electronic discovery (e-discovery) is a topic generally limited to legal circles. Although recent case law and the revised Federal Rules of Civil Procedure (FRCP) are aimed squarely at judges and lawyers, both have profound implications for IT and security organisations, given the significant amount of electronically stored information (ESI) that is relevant for court cases.
In essence, IT teams are strategic helpers for enterprise litigation, and the choices they make for the creation, storage, archiving and destruction of information have significant effects on legal and regulatory evidence handling.
What this means is that it’s prudent for the security team to understand the core aspects of e-discovery law and practice. After all, the information lifecycle involves data availability, confidentiality and integrity — all critical security objectives. In addition, security practitioners should note the market landscape for e-discovery solutions and related products, including e-discovery point products, enterprise-search tools, classification systems and records archiving.
So, what’s the essence of e-discovery? Central to US judicial practice since the 1930s is the concept that parties in litigation are entitled to explore the facts fully (often resulting in out-of-court settlements) before presenting their cases to a judge or jury. Courtroom "surprises" may make for good television drama, but US judges frown on surprise as an element of justice.
Thus, the rules of procedure in federal and state courts require very liberal access in the discovery phase of litigation to any witnesses, documents, premises or "things" that might help assess each side’s legal claims and defenses. All of the preceding may be presented in a courtroom. Among these is ESI.
As security teams begin to ponder how to handle e-discovery, they often make some mistakes. First, they assume that they can best manage risk by saving all information forever. This isn’t true. Frankly, it’s not cost effective to save all data. Although storage continues to become cheaper with time, it’s not free and the amount of ESI created by organisations annually is staggering.
To view entire article: click here
---------------------------------------
Source: securecomputing.net.au
In essence, IT teams are strategic helpers for enterprise litigation, and the choices they make for the creation, storage, archiving and destruction of information have significant effects on legal and regulatory evidence handling.
What this means is that it’s prudent for the security team to understand the core aspects of e-discovery law and practice. After all, the information lifecycle involves data availability, confidentiality and integrity — all critical security objectives. In addition, security practitioners should note the market landscape for e-discovery solutions and related products, including e-discovery point products, enterprise-search tools, classification systems and records archiving.
So, what’s the essence of e-discovery? Central to US judicial practice since the 1930s is the concept that parties in litigation are entitled to explore the facts fully (often resulting in out-of-court settlements) before presenting their cases to a judge or jury. Courtroom "surprises" may make for good television drama, but US judges frown on surprise as an element of justice.
Thus, the rules of procedure in federal and state courts require very liberal access in the discovery phase of litigation to any witnesses, documents, premises or "things" that might help assess each side’s legal claims and defenses. All of the preceding may be presented in a courtroom. Among these is ESI.
As security teams begin to ponder how to handle e-discovery, they often make some mistakes. First, they assume that they can best manage risk by saving all information forever. This isn’t true. Frankly, it’s not cost effective to save all data. Although storage continues to become cheaper with time, it’s not free and the amount of ESI created by organisations annually is staggering.
To view entire article: click here
---------------------------------------
Source: securecomputing.net.au
Monday, May 28, 2007
Text wiped? Your spouse can find it...
Suspicious spouses are going hi-tech to prove their partners' affairs - through records of deleted texts stored on mobile phones.
Private investigators say today's sophisticated cellphones can store details of deleted texts for up to a year because of their superior memory capacity.
Paragon Forensics managing director Allan Watt said 30 per cent of its computer forensics workload related to matrimonial checks - but he believed most people were unaware information from deleted texts could be unearthed on the phone's internal memory system.
The system could not be wiped by the user, said Watt.
He said all phones capable of taking pictures had the large memory capacity.
"My new Nokia had 1000 texts on it with 50mb memory capacity."
The firm has also traced deleted emails on laptops - but it says it will do so only when couples are married or in legally recognised relationships because of privacy.
"Laptops are easier for husbands or wives to get hold of while the partner is away, but some people sleep with their mobile phones."
Sometimes wives were suspicious of computer porn and used the checks to establish how often porn sites were accessed and material downloaded.
"Every time you go on to an internet page, that is cached to the computer's hard drive," said Watt.
To view entire article: click here
---------------------------------------
Source: stuff.co.nz
Private investigators say today's sophisticated cellphones can store details of deleted texts for up to a year because of their superior memory capacity.
Paragon Forensics managing director Allan Watt said 30 per cent of its computer forensics workload related to matrimonial checks - but he believed most people were unaware information from deleted texts could be unearthed on the phone's internal memory system.
The system could not be wiped by the user, said Watt.
He said all phones capable of taking pictures had the large memory capacity.
"My new Nokia had 1000 texts on it with 50mb memory capacity."
The firm has also traced deleted emails on laptops - but it says it will do so only when couples are married or in legally recognised relationships because of privacy.
"Laptops are easier for husbands or wives to get hold of while the partner is away, but some people sleep with their mobile phones."
Sometimes wives were suspicious of computer porn and used the checks to establish how often porn sites were accessed and material downloaded.
"Every time you go on to an internet page, that is cached to the computer's hard drive," said Watt.
To view entire article: click here
---------------------------------------
Source: stuff.co.nz
Friday, May 25, 2007
Get Ready for the Rules Changes, Part VIII
A checklist for getting ready for the meet-and-confer and pretrial conference
The recent changes to the Federal Rules of Civil Procedure require litigants to have early discussions to address issues relating to the disclosure and production of electronically stored information. In the last several articles I have used preparing for the "meet-and-confer" as a model for understanding and addressing your case's e-discovery issues. Issues not settled through the meet-and-confer will go to the court at the pretrial conference or after.
Parties at the meet-and-confer must address four issues: 1) mandatory disclosure of all ESI; 2) what will not be produced, or produced only if the requesting party bears some or all of the cost of production, because the ESI is not "reasonably accessible because of undue burden or cost"; 3) the form of production; and, 4) "claw back" agreements to provide for the return of privileged documents inadvertently disclosed.
In the last several articles we have discussed in detail the steps of e-discovery preservation and production and used these discussions to address the Rules changes. In this month's column we will use a hypothetical case to run through a checklist of issues you will have to address to be ready for the meet-and-confer. We will walk through some of the processes that take place after the meet-and-confer, such as production of ESI, in order to arrive at the justifiable cost estimates needed to answer questions at the meet-and-confer and, if no agreement comes, to make winning arguments before the court.
Here is the hypothetical that will be our framework in working through the checklist:
You represent Venture Capital, Inc. On March 1, 2007, Investor served a complaint on VC alleging various flavors of fraud. At the heart of Investor's claim is that from March 2002 to January 2007 VC solicited over two million dollars from Investor to place into Investments A, B and C. The first overt act of fraud alleged in the complaint is said to have taken place in 2005. All three investments lost virtually all of their equity. The claim is that plaintiff invested the money because various VC employees knowingly made numerous material misrepresentations about the worthiness of the investments. VC has offices in Philadelphia, New York and San Francisco. It has a workforce in excess of 200 employees.
To view entire article: click here
---------------------------------------
Source: law.com
The recent changes to the Federal Rules of Civil Procedure require litigants to have early discussions to address issues relating to the disclosure and production of electronically stored information. In the last several articles I have used preparing for the "meet-and-confer" as a model for understanding and addressing your case's e-discovery issues. Issues not settled through the meet-and-confer will go to the court at the pretrial conference or after.
Parties at the meet-and-confer must address four issues: 1) mandatory disclosure of all ESI; 2) what will not be produced, or produced only if the requesting party bears some or all of the cost of production, because the ESI is not "reasonably accessible because of undue burden or cost"; 3) the form of production; and, 4) "claw back" agreements to provide for the return of privileged documents inadvertently disclosed.
In the last several articles we have discussed in detail the steps of e-discovery preservation and production and used these discussions to address the Rules changes. In this month's column we will use a hypothetical case to run through a checklist of issues you will have to address to be ready for the meet-and-confer. We will walk through some of the processes that take place after the meet-and-confer, such as production of ESI, in order to arrive at the justifiable cost estimates needed to answer questions at the meet-and-confer and, if no agreement comes, to make winning arguments before the court.
Here is the hypothetical that will be our framework in working through the checklist:
You represent Venture Capital, Inc. On March 1, 2007, Investor served a complaint on VC alleging various flavors of fraud. At the heart of Investor's claim is that from March 2002 to January 2007 VC solicited over two million dollars from Investor to place into Investments A, B and C. The first overt act of fraud alleged in the complaint is said to have taken place in 2005. All three investments lost virtually all of their equity. The claim is that plaintiff invested the money because various VC employees knowingly made numerous material misrepresentations about the worthiness of the investments. VC has offices in Philadelphia, New York and San Francisco. It has a workforce in excess of 200 employees.
To view entire article: click here
---------------------------------------
Source: law.com
Thursday, May 24, 2007
E-Evidence: Who Let the Dogs Out?
What is evidence? I won't quote Black's Law Dictionary or McCormick on Evidence, partly because I boxed mine when online legal research made my library obsolete, and because my well-thumbed copies inhabited a time when evidence was largely a thing or statement. We examined things. Witnesses made statements. After law school and apart from the occasional trial, lawyers rarely reflect on the nature of evidence. Like pornography, we know it when we see it. But with electronic evidence, we hardly see it anymore. No longer can we open a file drawer and wade in.
Now, we rely on experts and technicians using searches and filters to troll roiling oceans of data and process the catch of the day. By the time lawyers "see" electronic evidence, it's frozen fish sticks and canned tuna. Sorry, Charlie McCormick, 21st century lawyers don't go near the water.
RETHINKING ASSUMPTIONS
Fundamentals of evidence mastered in law school are still helpful, but some electronically stored evidence is so foreign to traditional assumptions that we need to rethink them. Who is charged with its content and custody? What's an original? How do we authenticate it? When/how do we allow its use?
We still expect lawyers to know the evidence in their cases and produce it, but electronic evidence forces counsel to rely on crude tools and methodologies and work through technical intermediaries of uneven ability who speak in acronyms and jargon. Lawyers are increasingly so disconnected from the evidence that when we search for evidence, we tend to find only what we seek instead of what's there to be found.
I see this glaringly manifested by colleagues who regard a text search for a handful of keywords as a sufficient effort. Just because Lexis or Westlaw make you feel like the Amazing Kreskin, a seat-of-the-pants keyword search in unstructured data is a whole different kettle of fish.
To view entire article: click here
---------------------------------------
Source: law.com
Now, we rely on experts and technicians using searches and filters to troll roiling oceans of data and process the catch of the day. By the time lawyers "see" electronic evidence, it's frozen fish sticks and canned tuna. Sorry, Charlie McCormick, 21st century lawyers don't go near the water.
RETHINKING ASSUMPTIONS
Fundamentals of evidence mastered in law school are still helpful, but some electronically stored evidence is so foreign to traditional assumptions that we need to rethink them. Who is charged with its content and custody? What's an original? How do we authenticate it? When/how do we allow its use?
We still expect lawyers to know the evidence in their cases and produce it, but electronic evidence forces counsel to rely on crude tools and methodologies and work through technical intermediaries of uneven ability who speak in acronyms and jargon. Lawyers are increasingly so disconnected from the evidence that when we search for evidence, we tend to find only what we seek instead of what's there to be found.
I see this glaringly manifested by colleagues who regard a text search for a handful of keywords as a sufficient effort. Just because Lexis or Westlaw make you feel like the Amazing Kreskin, a seat-of-the-pants keyword search in unstructured data is a whole different kettle of fish.
To view entire article: click here
---------------------------------------
Source: law.com
Your way through the legal maze
If you deal with personal and financial data, you may be familiar with the apparent contradiction that various data laws create. On the one hand, personal data can only be collected and used for the purpose it was originally collected for, and must be disposed of if it is surplus to requirements. But on the other hand, commercial and financial data must be retained to protect the organisation or its customers, usually for the purpose of law enforcement.
Managing data can be tricky, and in some cases organisations have found themselves in situations where they have been required to produce information which they have, as a matter of policy, destroyed.
Lee Richards, network manager at housing provider Twin Valley Homes, said, "This is an issue simply because you have data protection and human rights laws on one hand, and things like the Regulation of Investigatory Powers (RIP) Act on the other, where companies are under pressure to keep records for a certain number of years. It will come to a point where you will have to pull up information that has been destroyed."
According to Richards, a core issue that organisations face is the way that employees often include personal information in their business e-mails, even when negotiating contracts, for example. This might mean that an e-mail comes under more than one data law - for example, laws that govern commercial and financial data, as well as data protection legislation.
It is challenging to ensure that all employees adhere to a policy that requires them to keep their business e-mails strictly business all the time, said Richards. "How can you differentiate between business and personal information? You cannot separate them effectively unless you have two e-mail addresses, but how do you monitor that?"
Another issue is that e-mails could be forwarded unchecked outside the organisation, making it hard to guarantee to the relevant body that an e-mail has been destroyed completely. "If people forward an e-mail it becomes harder to control. One click of a button could create multiple issues," Richards said.
To view entire article: click here
---------------------------------------
Source: computerweekly.com
Managing data can be tricky, and in some cases organisations have found themselves in situations where they have been required to produce information which they have, as a matter of policy, destroyed.
Lee Richards, network manager at housing provider Twin Valley Homes, said, "This is an issue simply because you have data protection and human rights laws on one hand, and things like the Regulation of Investigatory Powers (RIP) Act on the other, where companies are under pressure to keep records for a certain number of years. It will come to a point where you will have to pull up information that has been destroyed."
According to Richards, a core issue that organisations face is the way that employees often include personal information in their business e-mails, even when negotiating contracts, for example. This might mean that an e-mail comes under more than one data law - for example, laws that govern commercial and financial data, as well as data protection legislation.
It is challenging to ensure that all employees adhere to a policy that requires them to keep their business e-mails strictly business all the time, said Richards. "How can you differentiate between business and personal information? You cannot separate them effectively unless you have two e-mail addresses, but how do you monitor that?"
Another issue is that e-mails could be forwarded unchecked outside the organisation, making it hard to guarantee to the relevant body that an e-mail has been destroyed completely. "If people forward an e-mail it becomes harder to control. One click of a button could create multiple issues," Richards said.
To view entire article: click here
---------------------------------------
Source: computerweekly.com
Sloppy Procedures, Hidden Problems And Misteps Open The Door To Data Thieves
"If you don't need it, don't store it." That's rule no. 1 when it comes to corporate data security, according to computer forensics expert A. Bryan Sartin.
Rule no. 2? Most victims have two things in common: The company was storing data it should not have been storing in the first place; and the data that fell into the wrong hands was data it didn't know it had.
And if there had to be a Rule no. 3, it would be this: Most victims of a data breach are unwitting enablers of that crime.
Don't think that could possibly be your company, or your IT department? Think again.
As a managing principal and vice president of investigative response at Cybertrust, a global information security specialist that helps customers secure data, protect identities, and demonstrate ongoing compliance, Sartin has led many high-profile data compromise investigations in the Americas, Europe, and Asia-Pacific. It's impossible to come away from a conversation with him about the prevalence of data breaches without being amazed at just how easy it is to leave the keys in the door, if not the door wide open, when it comes to data security. Not to mention how commonplace such mistakes are.
Not that cyber intruders necessarily need the help these days. There are some pretty sophisticated individuals and gangs of cyber thieves out there, and they could be specifically targeting your company or industry, or perhaps, just the software you use.
Some criminals succeed by learning everything they can about a specific application, particularly its weaknesses. Then they look for users of that application, and then they go to work, moving from company to company, harvesting information and selling it. It's not hard to find potential victims - most vendor web sites conveniently list their top customers. Sometimes, those lists are actually a "who's who of who got hacked into," Sartin says.
To view entire article: click here
---------------------------------------
Source: optimizemag.com
Rule no. 2? Most victims have two things in common: The company was storing data it should not have been storing in the first place; and the data that fell into the wrong hands was data it didn't know it had.
And if there had to be a Rule no. 3, it would be this: Most victims of a data breach are unwitting enablers of that crime.
Don't think that could possibly be your company, or your IT department? Think again.
As a managing principal and vice president of investigative response at Cybertrust, a global information security specialist that helps customers secure data, protect identities, and demonstrate ongoing compliance, Sartin has led many high-profile data compromise investigations in the Americas, Europe, and Asia-Pacific. It's impossible to come away from a conversation with him about the prevalence of data breaches without being amazed at just how easy it is to leave the keys in the door, if not the door wide open, when it comes to data security. Not to mention how commonplace such mistakes are.
Not that cyber intruders necessarily need the help these days. There are some pretty sophisticated individuals and gangs of cyber thieves out there, and they could be specifically targeting your company or industry, or perhaps, just the software you use.
Some criminals succeed by learning everything they can about a specific application, particularly its weaknesses. Then they look for users of that application, and then they go to work, moving from company to company, harvesting information and selling it. It's not hard to find potential victims - most vendor web sites conveniently list their top customers. Sometimes, those lists are actually a "who's who of who got hacked into," Sartin says.
To view entire article: click here
---------------------------------------
Source: optimizemag.com
E-discoveries have become indispensable for litigators - despite often staggering costs and challenges
Days after a boardroom showdown sent three top executives at Motion Picture Distribution LP out the door last July, a team of investigators set up camp in the company's Toronto offices to retrace the departed managers' electronic movements.
The forensic specialists from Deloitte & Touche sifted through tens of thousands of e-mails and electronic documents and presented Motion Picture's board with a report that could have read from the script of a Hollywood thriller. According to a court affidavit, the investigators uncovered a secret plan, code named "Project Godfather," which the trio allegedly hatched months earlier to negotiate with potential buyers without board approval.
Armed with the stunning electronic discovery, Motion Picture dispatched lawyers from Stikeman Elliott LLP to the Superior Court of Ontario to seek an injunction preventing the top departed executive, former chairman Victor Loewy, from joining rivals or divulging corporate secrets. Stikemans partner Alan D'Silva asked for the injunction on Aug. 24 and a temporary order was granted by Mr. Justice John Ground on Aug. 25. Weeks later, Mr. Loewy signed a peace accord and returned to Motion Picture as a consultant.
Such sweeping injunctions against high profile executives are rare and it is almost unheard of to see them granted a mere day after the motion is filed. Why did Judge Ground move with such speed? Because Motion Picture was packing one of the hottest litigation weapons available today: electronic or e-discoveries of tell-tale computer hard drives and servers.
To view entire article: click here
---------------------------------------
Source: theglobeandmail.com
The forensic specialists from Deloitte & Touche sifted through tens of thousands of e-mails and electronic documents and presented Motion Picture's board with a report that could have read from the script of a Hollywood thriller. According to a court affidavit, the investigators uncovered a secret plan, code named "Project Godfather," which the trio allegedly hatched months earlier to negotiate with potential buyers without board approval.
Armed with the stunning electronic discovery, Motion Picture dispatched lawyers from Stikeman Elliott LLP to the Superior Court of Ontario to seek an injunction preventing the top departed executive, former chairman Victor Loewy, from joining rivals or divulging corporate secrets. Stikemans partner Alan D'Silva asked for the injunction on Aug. 24 and a temporary order was granted by Mr. Justice John Ground on Aug. 25. Weeks later, Mr. Loewy signed a peace accord and returned to Motion Picture as a consultant.
Such sweeping injunctions against high profile executives are rare and it is almost unheard of to see them granted a mere day after the motion is filed. Why did Judge Ground move with such speed? Because Motion Picture was packing one of the hottest litigation weapons available today: electronic or e-discoveries of tell-tale computer hard drives and servers.
To view entire article: click here
---------------------------------------
Source: theglobeandmail.com
Document Management: DiscoveryBox Introduces Beta Version Of Its First-To-Market, End-To-End Electronic Discovery Management Software
DiscoveryBox introduced at the EMC World conference ( www.emcworld2007.com) recently the beta version of its flagship software product for managing the electronic discovery process from the beginning of a legal matter until its resolution.
DiscoveryBox enables organizations to take control of the costly and cumbersome discovery process for electronic documents and to meet new federal e-discovery mandates. With its unique legal hold repository, DiscoveryBox allows companies to deploy a comprehensive solution that leverages their existing document management platforms.
“Among the e-discovery solutions in the market, only DiscoveryBox provides an integrated solution that manages the process from preservation of documents through production and even re-use for subsequent cases,” said Riki Fujitani, President of DiscoveryBox.
Under the new Federal Rules of Civil Procedure that took effect in December, companies have a duty to preserve electronic documents and to produce those documents in a timely fashion during the legal discovery process. These new rules present corporations with the most compelling compliance mandate since the Sarbanes-Oxley Act. Companies that fail to meet those standards risk costly court sanctions and adverse judgments.
“Companies are looking to manage the costs of electronic discovery by enforcing consistent and repeatable process workflows, and many are looking to build these litigation-readiness capabilities in house, rather than outsourcing to third parties, " said Vivian Tero, Senior Research Analyst, IDC. "Solutions like those from DiscoveryBox allow companies to build their in-house eDiscovery management capabilities by leveraging existing document management platform investments."
To view entire article: click here
---------------------------------------
Source: ecmconnection.com
DiscoveryBox enables organizations to take control of the costly and cumbersome discovery process for electronic documents and to meet new federal e-discovery mandates. With its unique legal hold repository, DiscoveryBox allows companies to deploy a comprehensive solution that leverages their existing document management platforms.
“Among the e-discovery solutions in the market, only DiscoveryBox provides an integrated solution that manages the process from preservation of documents through production and even re-use for subsequent cases,” said Riki Fujitani, President of DiscoveryBox.
Under the new Federal Rules of Civil Procedure that took effect in December, companies have a duty to preserve electronic documents and to produce those documents in a timely fashion during the legal discovery process. These new rules present corporations with the most compelling compliance mandate since the Sarbanes-Oxley Act. Companies that fail to meet those standards risk costly court sanctions and adverse judgments.
“Companies are looking to manage the costs of electronic discovery by enforcing consistent and repeatable process workflows, and many are looking to build these litigation-readiness capabilities in house, rather than outsourcing to third parties, " said Vivian Tero, Senior Research Analyst, IDC. "Solutions like those from DiscoveryBox allow companies to build their in-house eDiscovery management capabilities by leveraging existing document management platform investments."
To view entire article: click here
---------------------------------------
Source: ecmconnection.com
Data deduplication hot despite hard drive explosion
Data deduplication has shot up the charts on TheInfoPro's hot technology index, released this week, replacing file virtualization as the storage technology generating the most interest among some 152 respondents from Fortune 1000 companies.
Robert Stevenson, managing director of TheInfoPro's storage sector, said he's rarely seen a technology hit No. 1 so quickly. "It's a very rapid move up -- 10 slots in six months -- and much faster than I anticipated."
File virtualization, which topped the heat index six months ago, remains in the top three, and block-based virtualization also "moved up substantially" from No. 8 in the previous survey to the fourth spot this time around, according to Stevenson. "This shows me in general that consolidation activity is at an all-time high."
However, 40% of respondents said backup was the largest drain on time in the data center (beaten out only by first time provisioning of storage arrays). "There's a sense here that there has to be a way to cut out the largest workload, which is often backup," Stevenson said. "There's a pressure cooker -- we have to find a way to innovate [when it comes to backup] or we're going to be stuck."
Yet storage growth continues
The fact that the current focus remains on backup, and, Stevenson said, reducing backup to tape in particular, could explain why a separate study released by IDC today forecasted an explosion in shipments of hard disk drives over the next four years, to 675 million units and approximately $37 billion in revenue worldwide by 2011.
To view entire article: click here
---------------------------------------
Source: searchstorage.techtarget.com
Robert Stevenson, managing director of TheInfoPro's storage sector, said he's rarely seen a technology hit No. 1 so quickly. "It's a very rapid move up -- 10 slots in six months -- and much faster than I anticipated."
File virtualization, which topped the heat index six months ago, remains in the top three, and block-based virtualization also "moved up substantially" from No. 8 in the previous survey to the fourth spot this time around, according to Stevenson. "This shows me in general that consolidation activity is at an all-time high."
However, 40% of respondents said backup was the largest drain on time in the data center (beaten out only by first time provisioning of storage arrays). "There's a sense here that there has to be a way to cut out the largest workload, which is often backup," Stevenson said. "There's a pressure cooker -- we have to find a way to innovate [when it comes to backup] or we're going to be stuck."
Yet storage growth continues
The fact that the current focus remains on backup, and, Stevenson said, reducing backup to tape in particular, could explain why a separate study released by IDC today forecasted an explosion in shipments of hard disk drives over the next four years, to 675 million units and approximately $37 billion in revenue worldwide by 2011.
To view entire article: click here
---------------------------------------
Source: searchstorage.techtarget.com
Monday, May 21, 2007
Is speech recognition finally good enough?
Better hardware and algorithms nudge the technology closer to its 10-year promise of supplanting keyboards
"For me it's a lifesaver," said Paul Langer, an attorney at the Chicago office of Mayer, Brown, Rowe & Maw. "I never learned to type."
His alternative to the keyboard is speech recognition (SR) software, in this case Dragon NaturallySpeaking (DNS) from Nuance Communications Inc. in Burlington, Mass. Now in Version 9.0, the introduction of DNS a decade ago marked the birth of continuous speech recognition -- previous SR software required the user to pause between words.
Review and video of DNS in actionRead about Lamont Wood's personal experience with Dragon NaturallySpeaking and see a video of how it actually works, with on-screen input, mistakes and corrections.
But problems with accuracy, and the need for an hour-long "enrollment" process to train the software to follow the user's voice, meant that typing didn't become obsolete in the intervening decade. However, things have changed.
"I don't know how accurate it is, but if it were not accurate enough, I would go back to typing," said Peter Laipson, a DNS 9.0 user who, unlike Langer, is also a fast typist.
"I use it to do nearly all my grading," continued Laipson, a history teacher from Arlington, Mass., working at a temporary job in San Francisco. "I will dictate comments on relevant parts of an essay and then summary comments at the end. With Dragon I need about 60% as much time to comment on a paper."
He does not claim it's 100% accurate, saying it was not suitable for text with a lot of slang, and recalling a time when it rendered "I really admire your analysis" as "I really admire urinalysis."
"It helps to have a sense of humor, but simple proofreading is enough," Laipson said.
Actually, retaining a sense of humor has been important for multiple reasons in the SR field. In 1993 two executives from Kurzweill Applied Intelligence (which pioneered SR for the medical market) went to prison for faking sales. That firm was sold in 1997 to a Belgium SR firm, Lernout and Hauspie (L&H), which was reporting phenomenal sales growth at the time. Dragon Systems, which originated DNS that year, was reporting only anemic growth, and L&H had no trouble acquiring Dragon Systems in early 2000 in a stock deal.
To view entire article: click here
---------------------------------------
Source: Computerworld
"For me it's a lifesaver," said Paul Langer, an attorney at the Chicago office of Mayer, Brown, Rowe & Maw. "I never learned to type."
His alternative to the keyboard is speech recognition (SR) software, in this case Dragon NaturallySpeaking (DNS) from Nuance Communications Inc. in Burlington, Mass. Now in Version 9.0, the introduction of DNS a decade ago marked the birth of continuous speech recognition -- previous SR software required the user to pause between words.
Review and video of DNS in actionRead about Lamont Wood's personal experience with Dragon NaturallySpeaking and see a video of how it actually works, with on-screen input, mistakes and corrections.
But problems with accuracy, and the need for an hour-long "enrollment" process to train the software to follow the user's voice, meant that typing didn't become obsolete in the intervening decade. However, things have changed.
"I don't know how accurate it is, but if it were not accurate enough, I would go back to typing," said Peter Laipson, a DNS 9.0 user who, unlike Langer, is also a fast typist.
"I use it to do nearly all my grading," continued Laipson, a history teacher from Arlington, Mass., working at a temporary job in San Francisco. "I will dictate comments on relevant parts of an essay and then summary comments at the end. With Dragon I need about 60% as much time to comment on a paper."
He does not claim it's 100% accurate, saying it was not suitable for text with a lot of slang, and recalling a time when it rendered "I really admire your analysis" as "I really admire urinalysis."
"It helps to have a sense of humor, but simple proofreading is enough," Laipson said.
Actually, retaining a sense of humor has been important for multiple reasons in the SR field. In 1993 two executives from Kurzweill Applied Intelligence (which pioneered SR for the medical market) went to prison for faking sales. That firm was sold in 1997 to a Belgium SR firm, Lernout and Hauspie (L&H), which was reporting phenomenal sales growth at the time. Dragon Systems, which originated DNS that year, was reporting only anemic growth, and L&H had no trouble acquiring Dragon Systems in early 2000 in a stock deal.
To view entire article: click here
---------------------------------------
Source: Computerworld
Vulnerability and Penetration Testing: What's the Difference?
If an enterprise turns to an outside vendor to help test security, how do they know what type of service they should ask for? Do they need a penetration test? How about a vulnerability assessment? Add to the mix that some vendors and consultants use these terms interchangeably, and many IT folks can find themselves in some very confusing discussions.
We don't typically stop to think about it, but we all need feedback in order to succeed. Imagine, for example, trying to cook a meal without periodically tasting it to see if the spices are right. When it comes down to it, trying to do anything -- even the simplest of tasks -- is much more difficult without empirical validation ("feedback").
Of course, when it comes to IT, it's sometimes very challenging to obtain the kind of feedback that we need to be successful.
Since most IT shops aren't profit centers, the measurements and observations that our business partners use to help "steer the ship" (such as profit/loss information) aren't always applicable to us. Add to that the fact that some areas within the IT purview are harder to test than others, and you have areas that are extremely difficult to validate performance-wise.
Help From Outside
Probably some of the hardest things to test within IT are issues related to security -- more specifically, vulnerability management tasks such as patch management and system hardening. Not only can it be damaging to attack systems in production, but many IT shops don't have personnel with experience to perform these attacks in-house. After all, we usually hire technical resources on their ability to keep system running -- not their skill in breaking into them.
As a consequence, many firms look to outside partners to help in this area. However, if an enterprise turns to an outside vendor to help out, how do they know what type of service they should ask for? Do they need a penetration test? How about a vulnerability assessment? Add to the mix that some vendors and consultants use these terms interchangeably, and many IT folks can find themselves in some very confusing discussions.
Both of these services fulfill two very different roles and help provide "feedback" on two very different sets of things. The goal of this article will be to lay out what each of these two services are, what they're useful for, and what enterprises might want to consider when favoring one over the other.
Vulnerability Assessment
A vulnerability assessment is a service designed to analyze the hosts in scope and find areas where attack might be more likely to occur, without necessarily exploiting the issues located. Specifically, a vulnerability assessment will typically involve investigation of the machine to determine whether current patches are applied, whether the system is configured in a manner that makes attack more difficult, and whether the system exposes any information that an attacker could use to gain leverage against other systems in the environment. Most vulnerability assessments will use a number of commercial and proprietary tools to minimize false positives, to provide action items on how to close the risks located, and will make suggestions about things the IT shop can do to make sure that the issues located don't resurface.
The inherent advantage of a vulnerability assessment is that the enterprise is looking at large number of systems and getting feedback on each of them in turn. In other words, at the end of the process, the enterprise will ideally have some idea of the risk of attack for each of the systems surveyed using known attack methods and techniques.
The inherent disadvantage of a vulnerability assessment is that since the actual attacks are not performed, it can sometimes be difficult to simultaneously test incident response procedures and/or other mitigation controls that might be in place in the event of a successful attack (e.g. logging and auditing methods).
Generally speaking, vulnerability assessment is a useful activity for shops that want to evaluate the processes/controls that they have in place for patch management, for secure configuration of hosts and, to some degree, security associated with system administration processes. To maximize the value of the information obtained from a vulnerability assessment, it is useful to specify to the vendor or internal team doing the work what types of feedback you are looking for and what metrics are important to your organization.
For example, if you have conducted a vulnerability assessment in the recent past, it can be useful to get data about how many vulnerabilities are "new" (meaning, not in the previous report); on the other hand, if you have multiple environments in use (e.g. UNIX and Windows) with different administrators and procedures, you may be interested in the breakdown of vulnerabilities in each environment.
To view entire article: click here
---------------------------------------
Source: eCommerceTimes
We don't typically stop to think about it, but we all need feedback in order to succeed. Imagine, for example, trying to cook a meal without periodically tasting it to see if the spices are right. When it comes down to it, trying to do anything -- even the simplest of tasks -- is much more difficult without empirical validation ("feedback").
Of course, when it comes to IT, it's sometimes very challenging to obtain the kind of feedback that we need to be successful.
Since most IT shops aren't profit centers, the measurements and observations that our business partners use to help "steer the ship" (such as profit/loss information) aren't always applicable to us. Add to that the fact that some areas within the IT purview are harder to test than others, and you have areas that are extremely difficult to validate performance-wise.
Help From Outside
Probably some of the hardest things to test within IT are issues related to security -- more specifically, vulnerability management tasks such as patch management and system hardening. Not only can it be damaging to attack systems in production, but many IT shops don't have personnel with experience to perform these attacks in-house. After all, we usually hire technical resources on their ability to keep system running -- not their skill in breaking into them.
As a consequence, many firms look to outside partners to help in this area. However, if an enterprise turns to an outside vendor to help out, how do they know what type of service they should ask for? Do they need a penetration test? How about a vulnerability assessment? Add to the mix that some vendors and consultants use these terms interchangeably, and many IT folks can find themselves in some very confusing discussions.
Both of these services fulfill two very different roles and help provide "feedback" on two very different sets of things. The goal of this article will be to lay out what each of these two services are, what they're useful for, and what enterprises might want to consider when favoring one over the other.
Vulnerability Assessment
A vulnerability assessment is a service designed to analyze the hosts in scope and find areas where attack might be more likely to occur, without necessarily exploiting the issues located. Specifically, a vulnerability assessment will typically involve investigation of the machine to determine whether current patches are applied, whether the system is configured in a manner that makes attack more difficult, and whether the system exposes any information that an attacker could use to gain leverage against other systems in the environment. Most vulnerability assessments will use a number of commercial and proprietary tools to minimize false positives, to provide action items on how to close the risks located, and will make suggestions about things the IT shop can do to make sure that the issues located don't resurface.
The inherent advantage of a vulnerability assessment is that the enterprise is looking at large number of systems and getting feedback on each of them in turn. In other words, at the end of the process, the enterprise will ideally have some idea of the risk of attack for each of the systems surveyed using known attack methods and techniques.
The inherent disadvantage of a vulnerability assessment is that since the actual attacks are not performed, it can sometimes be difficult to simultaneously test incident response procedures and/or other mitigation controls that might be in place in the event of a successful attack (e.g. logging and auditing methods).
Generally speaking, vulnerability assessment is a useful activity for shops that want to evaluate the processes/controls that they have in place for patch management, for secure configuration of hosts and, to some degree, security associated with system administration processes. To maximize the value of the information obtained from a vulnerability assessment, it is useful to specify to the vendor or internal team doing the work what types of feedback you are looking for and what metrics are important to your organization.
For example, if you have conducted a vulnerability assessment in the recent past, it can be useful to get data about how many vulnerabilities are "new" (meaning, not in the previous report); on the other hand, if you have multiple environments in use (e.g. UNIX and Windows) with different administrators and procedures, you may be interested in the breakdown of vulnerabilities in each environment.
To view entire article: click here
---------------------------------------
Source: eCommerceTimes
Sunday, May 20, 2007
Storage Tip: The authenticity of a found document
What seems to be the problem? Your IT organization has put in place proper procedures for deleting electronic documents, including e-mails. So it is no surprise when as a result of litigation your e-discovery process cannot turn up a particular document. However, to everyone's surprise the document turns up on your CEO's laptop. This is a very possible scenario. You must know whether the document is admissible as evidence in a civil lawsuit.
What do you need to know? Evidence is admitted in court only if it can be shown that the evidence is authentic. Authentic data must follow a chain-of-custody. So how does this work with a lost document that has now been found?
My expertise is storage, not litigation support, so I turned to AdamsGrayson Consulting, a dedicated e-discovery and data retention planning firm in Washington, D.C., as a resource. AdamsGrayson kindly provided me with the necessary information to answer the question.
"The answer is yes, the document can be submitted as evidence. Some intrinsic authentication exists by the fact that the document was found on the laptop. The laptop is a point of origin and it is the movement of the document from the laptop that needs to have a tracked chain of custody. The chain of custody (or audit trail) would then be used to authenticate the document in court (e.g. to prove that the document is what it purports to be -- an e-mail from x to y about z)."
A related question is, whether it matters if the document contains information that is favorable to the plaintiff or the defendant?
AdamsGrayson's answer is: "Whether the document is favorable to the plaintiff or defendant does not have an impact on whether the document can be submitted as evidence. However, the content of the document is likely to have an impact on which party is likely to state a challenge to its admissibility. For example, if the CEO's document is incriminating to the CEO, the opposing party may be unlikely to challenge its admissibility. And it may be difficult for the CEO's attorney to argue that the document found on the CEO's own computer is not authentic."
Now there are probably caveats (such as, is the laptop the point of origin for the document or did it originate elsewhere), but the main conclusion is that a found document is likely to be usable as evidence.
What can you do about it? You must put in place a sound data retention policy that includes mobile computing devices as well as everything that IT controls on a daily operational basis. You must put in place compliance monitoring procedures that try to prevent employees (including the CEO) from disregarding the policy. Failure to do so may result not only in the embarrassing discovery of a document that supposedly no longer exists, but could also end up being very expensive to your enterprise. Putting in place the proper policies, practices, and procedures may not be easy, but they must be done.
To view entire article: click here
---------------------------------------
Source: storage.itworld.com
What do you need to know? Evidence is admitted in court only if it can be shown that the evidence is authentic. Authentic data must follow a chain-of-custody. So how does this work with a lost document that has now been found?
My expertise is storage, not litigation support, so I turned to AdamsGrayson Consulting, a dedicated e-discovery and data retention planning firm in Washington, D.C., as a resource. AdamsGrayson kindly provided me with the necessary information to answer the question.
"The answer is yes, the document can be submitted as evidence. Some intrinsic authentication exists by the fact that the document was found on the laptop. The laptop is a point of origin and it is the movement of the document from the laptop that needs to have a tracked chain of custody. The chain of custody (or audit trail) would then be used to authenticate the document in court (e.g. to prove that the document is what it purports to be -- an e-mail from x to y about z)."
A related question is, whether it matters if the document contains information that is favorable to the plaintiff or the defendant?
AdamsGrayson's answer is: "Whether the document is favorable to the plaintiff or defendant does not have an impact on whether the document can be submitted as evidence. However, the content of the document is likely to have an impact on which party is likely to state a challenge to its admissibility. For example, if the CEO's document is incriminating to the CEO, the opposing party may be unlikely to challenge its admissibility. And it may be difficult for the CEO's attorney to argue that the document found on the CEO's own computer is not authentic."
Now there are probably caveats (such as, is the laptop the point of origin for the document or did it originate elsewhere), but the main conclusion is that a found document is likely to be usable as evidence.
What can you do about it? You must put in place a sound data retention policy that includes mobile computing devices as well as everything that IT controls on a daily operational basis. You must put in place compliance monitoring procedures that try to prevent employees (including the CEO) from disregarding the policy. Failure to do so may result not only in the embarrassing discovery of a document that supposedly no longer exists, but could also end up being very expensive to your enterprise. Putting in place the proper policies, practices, and procedures may not be easy, but they must be done.
To view entire article: click here
---------------------------------------
Source: storage.itworld.com
Thursday, May 17, 2007
Revised Federal Rules of Civil Procedure: Atlas E-Discovery Suite Improves the Automated Distribution of Retention Schedules, Legal Holds and Collecti
PSS Systems, the market leader in legal holds and retention management software, is shipping a new edition of its industry-leading Atlas suite, including enhancements to Atlas ERM™ enterprise retention management, and Atlas LCC™ legal holds and collections management. This new Atlas 2.4 suite provides an improved mechanism to automatically distribute retention schedules, legal hold orders and collection requests across the enterprise.
More details can be found at http://www.pss-systems.com/solutions
The Atlas suite has been in production use for two-and-a-half years by top-five Global 500 industry leaders in financial services, insurance, oil and gas, pharmaceuticals and telecommunications. Atlas handles tens of thousands of legal holds and collections and nearly a hundred thousand retention schedules for fifteen thousand business and legal users worldwide.
The recently revised Federal Rules of Civil Procedure that govern litigation in U.S. federal courts increase the pressure on companies to ensure that preservation and litigation processes consider all data sources, and encourage them to modernize retention programs to address information across the enterprise with more predictability, control and transparency.
To view entire article: click here
---------------------------------------
Source: marketwire.com
More details can be found at http://www.pss-systems.com/solutions
The Atlas suite has been in production use for two-and-a-half years by top-five Global 500 industry leaders in financial services, insurance, oil and gas, pharmaceuticals and telecommunications. Atlas handles tens of thousands of legal holds and collections and nearly a hundred thousand retention schedules for fifteen thousand business and legal users worldwide.
The recently revised Federal Rules of Civil Procedure that govern litigation in U.S. federal courts increase the pressure on companies to ensure that preservation and litigation processes consider all data sources, and encourage them to modernize retention programs to address information across the enterprise with more predictability, control and transparency.
To view entire article: click here
---------------------------------------
Source: marketwire.com
Of bytes and briefs
The courts are struggling to cope with information technology
A CHICAGO law firm recently put up a billboard with the slogan “Life's short. Get a divorce.” Also on the billboard were pictures of a hot babe in her underwear and a hot hunk in a towel—a sample of the delights that await the newly single. This is the kind of lawyer story that makes the evening news. Deeper, broader problems with America's legal system tend to be ignored. Electronic discovery is one.
What's that? Well, let's say you follow that Chicago law firm's advice and sue for divorce. And let's say your soon-to-be ex-spouse gets angry. His or her lawyers might then demand to inspect your hard drive so that they can, for example, acquaint the court with your love of porn before it decides who keeps the children.
As technology changes the way people communicate, the legal system is stumbling to keep up. The “discovery” process, whereby both parties to a lawsuit share relevant documents with each other, used to involve physically handing over a few boxes of papers. But now that most documents are created and stored electronically, it is mostly about retrieving files from computers. This has two important consequences.
First, e-discovery is more intrusive than the traditional sort. Catty or salacious gossip, the kind that was once swapped at the water cooler, is now often committed to e-mail. This is easy to subpoena and virtually impossible to erase. There is always a back-up somewhere, so even if you delete the e-mail privately denigrating a stock you are publicly urging your clients to buy, it will still be read out in court. If your firm is sued for sexual discrimination, expect the plaintiff to demand all the lewd e-mails your male executives have ever swapped with each other.
To view entire article: click here
---------------------------------------
Source: economist.com
A CHICAGO law firm recently put up a billboard with the slogan “Life's short. Get a divorce.” Also on the billboard were pictures of a hot babe in her underwear and a hot hunk in a towel—a sample of the delights that await the newly single. This is the kind of lawyer story that makes the evening news. Deeper, broader problems with America's legal system tend to be ignored. Electronic discovery is one.
What's that? Well, let's say you follow that Chicago law firm's advice and sue for divorce. And let's say your soon-to-be ex-spouse gets angry. His or her lawyers might then demand to inspect your hard drive so that they can, for example, acquaint the court with your love of porn before it decides who keeps the children.
As technology changes the way people communicate, the legal system is stumbling to keep up. The “discovery” process, whereby both parties to a lawsuit share relevant documents with each other, used to involve physically handing over a few boxes of papers. But now that most documents are created and stored electronically, it is mostly about retrieving files from computers. This has two important consequences.
First, e-discovery is more intrusive than the traditional sort. Catty or salacious gossip, the kind that was once swapped at the water cooler, is now often committed to e-mail. This is easy to subpoena and virtually impossible to erase. There is always a back-up somewhere, so even if you delete the e-mail privately denigrating a stock you are publicly urging your clients to buy, it will still be read out in court. If your firm is sued for sexual discrimination, expect the plaintiff to demand all the lewd e-mails your male executives have ever swapped with each other.
To view entire article: click here
---------------------------------------
Source: economist.com
The Data Boom: Can Law Firms Profit?
How top law firms are capitalizing on the explosion in electronic data discovery
In the fall of 2005, a small Israeli technology startup came to San Francisco's Morrison & Foerster with a lawsuit -- and, soon enough, a problem.
The company had been mired in a contract dispute with one of its business partners, a huge American tech concern, and, unable to reach a settlement, was taking the matter to court.
The stakes weren't particularly high -- just a few million dollars. But after the case was filed, the defendant hit back with an electronic discovery request -- every relevant e-mail, Microsoft Word file, spreadsheet, you name it -- so onerous that its cost alone would take a fair chunk of any judgment.
"We saw that it was going to take several hundred thousand dollars to do this," says Oz Benamram, director of knowledge management and Israel practice counsel at MoFo. In fact, there was nothing terribly unique about this situation. As more correspondence and information is stored electronically, e-discovery is requiring more time, and more dollars, than ever before.
What was different was MoFo's solution. Realizing that the standard way of reviewing documents -- having teams of associates, or lower-priced contract attorneys, sift through anything that could be relevant, deciding what was responsive and had to be turned over, and what was privileged and needed to be kept -- wasn't going to cut it, the firm suggested a radical approach: automate almost everything.
By searching the data by specific keywords, anything that was potentially responsive would quickly be found. A second search, on this smaller batch, would look for lawyer names that might flag privileged materials, and for keywords that might indicate sensitive documents. Only those records would be reviewed by humans; everything else would be turned over without a glance. "In the end, about 18 percent of the material we turned up was reviewed," says Benamram. "We saved 80 percent of the cost." (MoFo also won the case for its small client.)
To view entire article: click here
---------------------------------------
Source: law.com
In the fall of 2005, a small Israeli technology startup came to San Francisco's Morrison & Foerster with a lawsuit -- and, soon enough, a problem.
The company had been mired in a contract dispute with one of its business partners, a huge American tech concern, and, unable to reach a settlement, was taking the matter to court.
The stakes weren't particularly high -- just a few million dollars. But after the case was filed, the defendant hit back with an electronic discovery request -- every relevant e-mail, Microsoft Word file, spreadsheet, you name it -- so onerous that its cost alone would take a fair chunk of any judgment.
"We saw that it was going to take several hundred thousand dollars to do this," says Oz Benamram, director of knowledge management and Israel practice counsel at MoFo. In fact, there was nothing terribly unique about this situation. As more correspondence and information is stored electronically, e-discovery is requiring more time, and more dollars, than ever before.
What was different was MoFo's solution. Realizing that the standard way of reviewing documents -- having teams of associates, or lower-priced contract attorneys, sift through anything that could be relevant, deciding what was responsive and had to be turned over, and what was privileged and needed to be kept -- wasn't going to cut it, the firm suggested a radical approach: automate almost everything.
By searching the data by specific keywords, anything that was potentially responsive would quickly be found. A second search, on this smaller batch, would look for lawyer names that might flag privileged materials, and for keywords that might indicate sensitive documents. Only those records would be reviewed by humans; everything else would be turned over without a glance. "In the end, about 18 percent of the material we turned up was reviewed," says Benamram. "We saved 80 percent of the cost." (MoFo also won the case for its small client.)
To view entire article: click here
---------------------------------------
Source: law.com
Advisory Committee Modifies Proposed Evidence Rule 502 In Light of Public Comment Received, and Recommends Approval by Standing Committee
On May 15, 2007, the Advisory Committee on Evidence Rules issued its Report to the Standing Committee regarding its April 2007 meeting and its recommendations with respect to proposed Evidence Rule 502 on Waiver of Attorney-Client Privilege and Work Product. (The 83-page Report is available here.) The Report states that, at the April 2007 meeting, the Committee carefully considered all of the public comment received on the proposed rule, as well as other issues raised by members of the Committee. As a result, the Committee made a number of changes to the version of proposed Rule 502 that was issued for public comment. This new modified version of proposed Evidence Rule 502 is available here. The Committee's post-publication modifications to the proposed rule include the following:
1. Changes were made by the Style Subcommittee of the Standing Committee, both to the text as issued for public comment, and to the changes to the rule made at the April 2007 Evidence Rules Committee Hearing.
2. The text was clarified to indicate that the protections of Rule 502 apply in all cases in federal court, including cases in which state law provides the rule of decision.
3. The text was clarified to stress that Rule 502 applies in state court with respect to the consequences of disclosure previously made at the federal level – despite any indication to the contrary that might be found in the language of Rules 101 and 1101.
4. Language was added to emphasize that a subject matter waiver cannot be found unless the waiver is intentional – so that an inadvertent disclosure can never constitute a subject matter waiver.
5. The committee relaxed the requirements necessary to obtain protection against waiver from inadvertent disclosure. As amended, the inadvertent disclosure provision assures that parties are not required to take extraordinary efforts to prevent disclosure of privilege and work product; nor are parties required to conduct a post-production review to determine whether any protected information has been mistakenly disclosed.
6. The protections against waiver by mistaken disclosure were extended to disclosures made to federal offices or agencies, on the ground that production in this context can involved the same costs of pre-production privilege review as in litigation.
To view entire post: click here
---------------------------------------
Source: ediscoverylaw.com
1. Changes were made by the Style Subcommittee of the Standing Committee, both to the text as issued for public comment, and to the changes to the rule made at the April 2007 Evidence Rules Committee Hearing.
2. The text was clarified to indicate that the protections of Rule 502 apply in all cases in federal court, including cases in which state law provides the rule of decision.
3. The text was clarified to stress that Rule 502 applies in state court with respect to the consequences of disclosure previously made at the federal level – despite any indication to the contrary that might be found in the language of Rules 101 and 1101.
4. Language was added to emphasize that a subject matter waiver cannot be found unless the waiver is intentional – so that an inadvertent disclosure can never constitute a subject matter waiver.
5. The committee relaxed the requirements necessary to obtain protection against waiver from inadvertent disclosure. As amended, the inadvertent disclosure provision assures that parties are not required to take extraordinary efforts to prevent disclosure of privilege and work product; nor are parties required to conduct a post-production review to determine whether any protected information has been mistakenly disclosed.
6. The protections against waiver by mistaken disclosure were extended to disclosures made to federal offices or agencies, on the ground that production in this context can involved the same costs of pre-production privilege review as in litigation.
To view entire post: click here
---------------------------------------
Source: ediscoverylaw.com
An average Fortune 1000 enterprise has over 250 TB of storage space for archive-related content, says TIP
TheInfoPro announced that over 12 percent of Fortune 1000 (F1000) organizations consider archiving as one of their top storage initiatives, and 25 percent listed poor archiving capabilities as one of the key reasons for storage growth. The latest TIP Wave Storage Study finds that an average F1000 enterprise has over 250 TB of storage space dedicated to archive-related content.
The capacities of these archive tiers are anticipated to grow 52 percent by the end of 2007, as organizations build out archiving tiers, increasing the average from three to four classes of storage.
A primary driver for this increased attention to archiving capabilities is legal and regulatory compliance, which often calls for the preservation of more data for longer periods of time. Approximately 40% of F1000 organizations indicate a 10% or more increase in spending on legal and regulatory compliance, with a primary focus on improving archiving faculties to meet the legislative and industry-specific standards set forth by mandates such as the Securities Exchange Commission Rule 17A-4, the USA PATRIOT Act, and the Payment Card Industry Data Security Standard (PCIDSS).
"As organizations adjust their IT priorities to prove compliancy with federal regulations which require maintenance of data for extended periods of time, storage capabilities, particularly archiving data and intelligent data classification, have come to the forefront of data management," said Robert Stevenson, TIP’s Managing Director, Storage. "As a result, creating efficient, long-term email, application and e-discovery storage methodologies have become critical for F1000 organizations -- and even more troublesome in smaller companies -- as many applications, both legacy and new, have limited archiving capabilities."
To view entire article: click here
---------------------------------------
Source: tekrati.com
The capacities of these archive tiers are anticipated to grow 52 percent by the end of 2007, as organizations build out archiving tiers, increasing the average from three to four classes of storage.
A primary driver for this increased attention to archiving capabilities is legal and regulatory compliance, which often calls for the preservation of more data for longer periods of time. Approximately 40% of F1000 organizations indicate a 10% or more increase in spending on legal and regulatory compliance, with a primary focus on improving archiving faculties to meet the legislative and industry-specific standards set forth by mandates such as the Securities Exchange Commission Rule 17A-4, the USA PATRIOT Act, and the Payment Card Industry Data Security Standard (PCIDSS).
"As organizations adjust their IT priorities to prove compliancy with federal regulations which require maintenance of data for extended periods of time, storage capabilities, particularly archiving data and intelligent data classification, have come to the forefront of data management," said Robert Stevenson, TIP’s Managing Director, Storage. "As a result, creating efficient, long-term email, application and e-discovery storage methodologies have become critical for F1000 organizations -- and even more troublesome in smaller companies -- as many applications, both legacy and new, have limited archiving capabilities."
To view entire article: click here
---------------------------------------
Source: tekrati.com
EDRM Conference Brings E-Discovery Leaders Together as EDRM Model Gains Broader Industry Acceptance
Processes, Terminology and Framework Developed by Industry Group to Bring Clarity to Emerging Market
The Electronic Discovery Reference Model (“EDRM”), designed to develop and establish practical guidelines and standards for electronic discovery, today kicks off its annual conference to address the key issues in the emerging e-discovery industry. The conference, which attracts a broad audience of legal, IT and business executives, will cover a variety of topics ranging from e-discovery best practices and processes to developing an XML schema for metadata, and all of this content will be made available through the EDRM Website, www.edrm.net.
This year’s conference comes as EDRM is gaining broader acceptance and adoption from leading legal and IT industry organizations. This past winter, ALM Media’s Law.com site incorporated the EDRM Model into its own e-discovery framework for legal professionals. Gartner, Inc., a leading IT research and advising firm, will use the EDRM model as its framework to analyze products and services in the rapidly expanding electronic discovery market. “In our analysis of the market for products and services related to e-discovery, Gartner will use the Electronic Discovery Reference Model,” stated Gartner analysts Debra Logan, Whit Andrews and John Bace in a March 12, 2007, report entitled Key Issues for Electronic Discovery. “Created to address the lack of standards in the e-discovery market, the Electronic Discovery Reference Model lays out the discovery process in stages.”
Together, these items indicate a growing acceptance of EDRM as the industry standard for e-discovery processes and terminology among IT and legal departments as well as law firms. In addition, various corporations, law firms and service and software providers have begun to build their approaches to electronic discovery around the EDRM model.
“Because of the Federal Rules of Civil Procedure (FRCP) and several landmark legal cases, corporations and their law firms know that they have to ‘do something’ about e-discovery, but it’s a very fragmented and complex market,” said George Socha, co-founder of EDRM and president of Socha Consulting LLC. “We‘re pleased that these influential groups are using the EDRM model to advise clients and readers, and we anticipate that this will help drive greater adoption and standardization within the industry.”
To view entire article: click here
---------------------------------------
Source: businesswire.com
The Electronic Discovery Reference Model (“EDRM”), designed to develop and establish practical guidelines and standards for electronic discovery, today kicks off its annual conference to address the key issues in the emerging e-discovery industry. The conference, which attracts a broad audience of legal, IT and business executives, will cover a variety of topics ranging from e-discovery best practices and processes to developing an XML schema for metadata, and all of this content will be made available through the EDRM Website, www.edrm.net.
This year’s conference comes as EDRM is gaining broader acceptance and adoption from leading legal and IT industry organizations. This past winter, ALM Media’s Law.com site incorporated the EDRM Model into its own e-discovery framework for legal professionals. Gartner, Inc., a leading IT research and advising firm, will use the EDRM model as its framework to analyze products and services in the rapidly expanding electronic discovery market. “In our analysis of the market for products and services related to e-discovery, Gartner will use the Electronic Discovery Reference Model,” stated Gartner analysts Debra Logan, Whit Andrews and John Bace in a March 12, 2007, report entitled Key Issues for Electronic Discovery. “Created to address the lack of standards in the e-discovery market, the Electronic Discovery Reference Model lays out the discovery process in stages.”
Together, these items indicate a growing acceptance of EDRM as the industry standard for e-discovery processes and terminology among IT and legal departments as well as law firms. In addition, various corporations, law firms and service and software providers have begun to build their approaches to electronic discovery around the EDRM model.
“Because of the Federal Rules of Civil Procedure (FRCP) and several landmark legal cases, corporations and their law firms know that they have to ‘do something’ about e-discovery, but it’s a very fragmented and complex market,” said George Socha, co-founder of EDRM and president of Socha Consulting LLC. “We‘re pleased that these influential groups are using the EDRM model to advise clients and readers, and we anticipate that this will help drive greater adoption and standardization within the industry.”
To view entire article: click here
---------------------------------------
Source: businesswire.com
Wednesday, May 16, 2007
Computer Forensics Catches a Criminal
UBS-Painewebber manages stock transactions for its clients. UBS-PW processes transactions from all over the United States using a large computer network consisting of over 2,000 important servers in various locations. According to public record, UBS-PW was earning below its expectations in profits, like most companies experienced after the Sept. 11, 2001, terrorist attacks. As a result, most employees would not be taking home the bonuses they were promised in the preceding year.
The worst-case scenario for most companies sharing news like this with employees would be a higher-than-average rate of employee turnover. UBS Painewebber was not so lucky. On Monday March 4, 2002, a now-former UBS-PW systems administrator named Roger Duronio executed a logic bomb that disabled a large number of the important servers responsible for executing the stock trades when the stock market opened.
In order to understand the effect on UBS-PW, you must understand what a logic bomb does. A logic bomb is a malicious program that destroys computer data at a preset time. A logic bomb, minimally, contains two main subcomponents to destroy computer data: a "trigger" and a "payload." A trigger to a logic bomb is similar to the timer on a physical bomb. When the timer reaches zero, the bomb is detonated. The payload is the actual bomb that is executed in a logic bomb.
In the case of U.S. v. Duronio, the bomb was the standard Unix remove command hidden amongst other legitimate commands. The payload was triggered in such a way that it would delete all of the files on the important stock trading servers on the morning of March 4, 2002, which in turn would render them useless to UBS-PW employees and stock traders.
In this case, the logic bomb contained a third component called the "persistence mechanism." The persistence mechanism ensured that this logic bomb would always detonate at 9:30 a.m. on March 4, 2002. Even if the machine was rebooted, the logic bomb would accomplish its mission because of the persistence mechanism. Even if the systems administrator found one instance of the persistence mechanism, the other portion would ensure that the logic bomb would detonate. In my opinion, the use of this persistence mechanism demonstrated the deliberate premeditation and intention of the logic bomb's purpose. This logic bomb would take down numerous servers on the UBS-PW network on March 4, 2002.
To view entire article: click here
---------------------------------------
Source: law.com
The worst-case scenario for most companies sharing news like this with employees would be a higher-than-average rate of employee turnover. UBS Painewebber was not so lucky. On Monday March 4, 2002, a now-former UBS-PW systems administrator named Roger Duronio executed a logic bomb that disabled a large number of the important servers responsible for executing the stock trades when the stock market opened.
In order to understand the effect on UBS-PW, you must understand what a logic bomb does. A logic bomb is a malicious program that destroys computer data at a preset time. A logic bomb, minimally, contains two main subcomponents to destroy computer data: a "trigger" and a "payload." A trigger to a logic bomb is similar to the timer on a physical bomb. When the timer reaches zero, the bomb is detonated. The payload is the actual bomb that is executed in a logic bomb.
In the case of U.S. v. Duronio, the bomb was the standard Unix remove command hidden amongst other legitimate commands. The payload was triggered in such a way that it would delete all of the files on the important stock trading servers on the morning of March 4, 2002, which in turn would render them useless to UBS-PW employees and stock traders.
In this case, the logic bomb contained a third component called the "persistence mechanism." The persistence mechanism ensured that this logic bomb would always detonate at 9:30 a.m. on March 4, 2002. Even if the machine was rebooted, the logic bomb would accomplish its mission because of the persistence mechanism. Even if the systems administrator found one instance of the persistence mechanism, the other portion would ensure that the logic bomb would detonate. In my opinion, the use of this persistence mechanism demonstrated the deliberate premeditation and intention of the logic bomb's purpose. This logic bomb would take down numerous servers on the UBS-PW network on March 4, 2002.
To view entire article: click here
---------------------------------------
Source: law.com
Monday, May 14, 2007
Pursuing Path of Paperlessness
Benefits Are Greater Than Costs
As Kenny Lund takes his visitor on a tour of Allen Lund Co.’s corporate offices, he seems especially enthusiastic about what is not there.
The La Canada transportation logistics and brokerage company took its first steps to creating a paperless environment in October and so far is six or seven file cabinets lighter.
If all goes as planned, Lund, the vice president of support operations for the family-owned company, expects that 90 percent of the paperwork at the firm will be eliminated within the next two to three years.
Although many companies are moving to reduce the amount of paper they store, Allen Lund Co. is among the few that is hoping to reduce nearly all of its reliance on paper documents.
Lund is pleased that the move comes at a time when interest in the environment is high, but there is a more pressing business reason behind the move to a paperless workplace.
“We need more access to information faster,” Lund says simply.
The company took its first step with its carrier resources department – the place where much of the data about the trucking companies it works with is stored for retrieval by a range of different departments.
The paperwork is scanned into the computer system, assigned to a file in the system and then the paper documents are destroyed.
The next step is to bring its bills of lading online, followed by its 29 sales offices, accounting and human resources department.
To view entire article: click here
---------------------------------------
Source: sfvbj.com
As Kenny Lund takes his visitor on a tour of Allen Lund Co.’s corporate offices, he seems especially enthusiastic about what is not there.
The La Canada transportation logistics and brokerage company took its first steps to creating a paperless environment in October and so far is six or seven file cabinets lighter.
If all goes as planned, Lund, the vice president of support operations for the family-owned company, expects that 90 percent of the paperwork at the firm will be eliminated within the next two to three years.
Although many companies are moving to reduce the amount of paper they store, Allen Lund Co. is among the few that is hoping to reduce nearly all of its reliance on paper documents.
Lund is pleased that the move comes at a time when interest in the environment is high, but there is a more pressing business reason behind the move to a paperless workplace.
“We need more access to information faster,” Lund says simply.
The company took its first step with its carrier resources department – the place where much of the data about the trucking companies it works with is stored for retrieval by a range of different departments.
The paperwork is scanned into the computer system, assigned to a file in the system and then the paper documents are destroyed.
The next step is to bring its bills of lading online, followed by its 29 sales offices, accounting and human resources department.
To view entire article: click here
---------------------------------------
Source: sfvbj.com
Laws Governing Data Retention Face Technologies That Ax Data
One new product eliminates traces of communications. Another new product gives people an e-mail address that vanishes in 10 minutes. Products that ax data records are emerging — even as laws to retain such data are being strengthened.
The verdict is in: The explosion of digital data is creating one heck of a legal headache. It's likely to cause pain for businesses as the laws dealing with data-retention issues get ironed out.
"The law is clearly chasing behind the technology," said Cynthia Jackson, a partner with the Palo Alto, Calif.-office of the nation's largest law firm, Baker & McKenzie.
Right now, companies are facing a potential legal quandary over amendments to the Federal Rules of Civil Procedure that took effect on Dec. 1. These rules govern legal conduct in federal civil cases.
The new rules force companies to retain their electronic files whenever they have a reasonable inkling that litigation is expected. All relevant e-mails and text documents must be stored in case the other side asks for the data as part of the pretrial process known as discovery. Today, it's also is known as electronic discovery, or e-discovery.
But electronically stored information, or ESI, is growing by an astounding rate. Attorneys face many questions. As Jackson said, "There are going to be areas of uncertainty."
To view entire article: click here
---------------------------------------
Source: investors.com
The verdict is in: The explosion of digital data is creating one heck of a legal headache. It's likely to cause pain for businesses as the laws dealing with data-retention issues get ironed out.
"The law is clearly chasing behind the technology," said Cynthia Jackson, a partner with the Palo Alto, Calif.-office of the nation's largest law firm, Baker & McKenzie.
Right now, companies are facing a potential legal quandary over amendments to the Federal Rules of Civil Procedure that took effect on Dec. 1. These rules govern legal conduct in federal civil cases.
The new rules force companies to retain their electronic files whenever they have a reasonable inkling that litigation is expected. All relevant e-mails and text documents must be stored in case the other side asks for the data as part of the pretrial process known as discovery. Today, it's also is known as electronic discovery, or e-discovery.
But electronically stored information, or ESI, is growing by an astounding rate. Attorneys face many questions. As Jackson said, "There are going to be areas of uncertainty."
To view entire article: click here
---------------------------------------
Source: investors.com
Thursday, May 10, 2007
Court Sets Out Detailed Guidelines for Discovery of ESI, Adapting "Suggested Protocol" of the District of Maryland
O'Bar v. Lowe's Home Centers, Inc., 2007 WL 1299180 (W.D.N.C. May 2, 2007)
This is a putative class action in which the plaintiffs allege they were discriminated against because they were not minorities or females. Finding that plaintiffs were entitled to limited precertification discovery, the court ordered the parties, pursuant to Rule 26(f), to jointly prepare and submit to the court a specific and detailed precertification discovery plan. Based upon the previous disputes between the parties, the court stated it anticipated issues arising as to the discovery of data through various types of computer programs maintained by defendant. Thus, in order to assist the parties in conducting discovery of electronically stored information (“ESI”), the court set out detailed guidelines that would govern the parties. The guidelines were adapted from the “Suggested Protocol for Discovery of Electronically Stored Information” set forth by the United States District Court for the District of Maryland.
The court encouraged the parties to discuss the following subjects, in preparing the precertification discovery plan:
A. The anticipated scope of requests for, and objections to, production of ESI, as well as the form of production of ESI and, specifically, but without limitation, whether production will be of the Native File, Static Image, or other searchable or non-searchable formats;
B. Whether Meta-Data is requested for some or all ESI and, if so, the volume and costs of producing and reviewing said ESI;
C. Preservation of ESI during the pendency of the lawsuit;
D. Post-production assertion, and preservation or waiver of, the attorney-client privilege, work product doctrine, and/or other privileges in light of “clawback,” “quick peek,” or testing or sampling procedures, and submission of a proposed order;
E. Identification of ESI that is or is not reasonably accessible without undue burden or cost;
F. Methods of identifying pages or segments of ESI produced in discovery;
G. The method and manner of redacting information from ESI if only part of the ESI is discoverable;
H. The nature of information systems used by the party or person or entity served with a subpoena requesting ESI;
I. Specific facts related to the costs and burdens of preservation, retrieval, and use of ESI;
J. Cost sharing for the preservation, retrieval and/or production of ESI, including any discovery database, differentiating between ESI that is reasonably accessible and ESI that is not reasonably accessible;
K. Search methodologies for retrieving or reviewing ESI;
L. Preliminary depositions of information systems personnel, and limits on the scope of such depositions;
M. The need for two-tier or staged discovery of ESI, considering whether ESI initially can be produced in a manner that is more cost-effective, while reserving the right to request or to oppose additional more comprehensive production in a latter stage or stages;
N. The need for any protective orders or confidentiality orders, in conformance with the Local Rules and substantive principles governing such orders;
O. Any request for sampling or testing of ESI; the parameters of such requests; the time, manner, scope, and place limitations that will voluntarily or by Court order be placed on such processes; the persons to be involved; and the dispute resolution mechanism, if any, agreed-upon by the parties; and
P. Any agreement concerning retention of an agreed-upon Court expert, retained at the cost of the parties, to assist in the resolution of technical issues presented by ESI.
To view entire order: click here
---------------------------------------
Source: eDiscoveryLaw.com
This is a putative class action in which the plaintiffs allege they were discriminated against because they were not minorities or females. Finding that plaintiffs were entitled to limited precertification discovery, the court ordered the parties, pursuant to Rule 26(f), to jointly prepare and submit to the court a specific and detailed precertification discovery plan. Based upon the previous disputes between the parties, the court stated it anticipated issues arising as to the discovery of data through various types of computer programs maintained by defendant. Thus, in order to assist the parties in conducting discovery of electronically stored information (“ESI”), the court set out detailed guidelines that would govern the parties. The guidelines were adapted from the “Suggested Protocol for Discovery of Electronically Stored Information” set forth by the United States District Court for the District of Maryland.
The court encouraged the parties to discuss the following subjects, in preparing the precertification discovery plan:
A. The anticipated scope of requests for, and objections to, production of ESI, as well as the form of production of ESI and, specifically, but without limitation, whether production will be of the Native File, Static Image, or other searchable or non-searchable formats;
B. Whether Meta-Data is requested for some or all ESI and, if so, the volume and costs of producing and reviewing said ESI;
C. Preservation of ESI during the pendency of the lawsuit;
D. Post-production assertion, and preservation or waiver of, the attorney-client privilege, work product doctrine, and/or other privileges in light of “clawback,” “quick peek,” or testing or sampling procedures, and submission of a proposed order;
E. Identification of ESI that is or is not reasonably accessible without undue burden or cost;
F. Methods of identifying pages or segments of ESI produced in discovery;
G. The method and manner of redacting information from ESI if only part of the ESI is discoverable;
H. The nature of information systems used by the party or person or entity served with a subpoena requesting ESI;
I. Specific facts related to the costs and burdens of preservation, retrieval, and use of ESI;
J. Cost sharing for the preservation, retrieval and/or production of ESI, including any discovery database, differentiating between ESI that is reasonably accessible and ESI that is not reasonably accessible;
K. Search methodologies for retrieving or reviewing ESI;
L. Preliminary depositions of information systems personnel, and limits on the scope of such depositions;
M. The need for two-tier or staged discovery of ESI, considering whether ESI initially can be produced in a manner that is more cost-effective, while reserving the right to request or to oppose additional more comprehensive production in a latter stage or stages;
N. The need for any protective orders or confidentiality orders, in conformance with the Local Rules and substantive principles governing such orders;
O. Any request for sampling or testing of ESI; the parameters of such requests; the time, manner, scope, and place limitations that will voluntarily or by Court order be placed on such processes; the persons to be involved; and the dispute resolution mechanism, if any, agreed-upon by the parties; and
P. Any agreement concerning retention of an agreed-upon Court expert, retained at the cost of the parties, to assist in the resolution of technical issues presented by ESI.
To view entire order: click here
---------------------------------------
Source: eDiscoveryLaw.com
Bogus computer expert goes from witness to Federal prisoner
The courtroom star witness pleaded guilty to faking his credentials, possibly putting several cases in question..A so-called computer forensics expert who has served as an expert trial witness has pleaded guilty in federal court to falsifying his credentials.
James Earl Edmiston, 36, of Long Beach, California, pleaded guilty before a US District judge in Fresno, California, to two counts of perjury. He faces a maximum of 10 years in prison and a fine of US$500,000.
Edmiston admitted in a plea agreement that he had been retained by two Fresno-based criminal defense attorneys to provide computer forensic analysis in several child exploitation prosecutions.
As part of his work on those cases, Edmiston prepared and executed several declarations under penalty of perjury between 3 April, 2006, and 19 July, 2006, according to a release from the US Attorney's Office.
In the declarations, he stated that he had been a computer consultant for 12 years, had a master's degree in computer engineering from the California Institute of Technology, and had been qualified as an expert witness in computers and their online usage by numerous state and federal courts throughout California.
However, the government reported that an investigation revealed that Edmiston did not have degrees from the California Institute of Technology, the University of California at Los Angeles, or the University of Nevada at Las Vegas, as he alleged.
Court documents also showed that he concealed a prior criminal record that includes a prison term that he served in the mid-1990s as a result of forgery convictions in a California Superior Court.
Assistant US Attorney Sheila Oberto, who works in the Eastern District of California, said in an interview with InformationWeek that Edmiston was involved in at least two federal cases in the Eastern District of California alone.
To view entire article: click here
---------------------------------------
Source: ITNews
James Earl Edmiston, 36, of Long Beach, California, pleaded guilty before a US District judge in Fresno, California, to two counts of perjury. He faces a maximum of 10 years in prison and a fine of US$500,000.
Edmiston admitted in a plea agreement that he had been retained by two Fresno-based criminal defense attorneys to provide computer forensic analysis in several child exploitation prosecutions.
As part of his work on those cases, Edmiston prepared and executed several declarations under penalty of perjury between 3 April, 2006, and 19 July, 2006, according to a release from the US Attorney's Office.
In the declarations, he stated that he had been a computer consultant for 12 years, had a master's degree in computer engineering from the California Institute of Technology, and had been qualified as an expert witness in computers and their online usage by numerous state and federal courts throughout California.
However, the government reported that an investigation revealed that Edmiston did not have degrees from the California Institute of Technology, the University of California at Los Angeles, or the University of Nevada at Las Vegas, as he alleged.
Court documents also showed that he concealed a prior criminal record that includes a prison term that he served in the mid-1990s as a result of forgery convictions in a California Superior Court.
Assistant US Attorney Sheila Oberto, who works in the Eastern District of California, said in an interview with InformationWeek that Edmiston was involved in at least two federal cases in the Eastern District of California alone.
To view entire article: click here
---------------------------------------
Source: ITNews
Judges Rule on Hard-to-Discover Data
Federal judges have published opinions for more than 50 e-discovery disputes since the landmark amendments to the Federal Rules of Civil Procedure governing the discovery of electronically stored information went into effect on Dec. 1, 2006. These cases give -- in almost real time -- valuable insight into how judges are interpreting the amendments. These cases provide direction on how to handle the identification, preservation, collection, review and production of ESI in litigation going forward.
One commentator noted that these district court decisions serve an important role in providing de facto national standards for e-discovery disputes.[FOOTNOTE 1]
This article will focus on two such cases, Best Buy Stores L.P. v. Developers Diversified Realty Corp.[FOOTNOTE 2] and Ameriwood Industries Inc. v. Liberman.[FOOTNOTE 3] These cases tackle a recurring problem -- the discovery of information stored on computer systems and sources that aren't reasonably accessible. These difficult-to-access sources include backup tapes used for disaster recovery that aren't catalogued or indexed and legacy data from systems that are currently unreadable. These sources may contain information responsive to a particular discovery request, but it would take considerable time and money to access, cull or produce data from them.
Newly amended Rule 26(b)(2) creates a two-tiered procedure to limit the burden imposed by discovery of this type of information. Under this procedure, a party responding to a discovery request must -- as an initial matter -- produce reasonably accessible responsive ESI to its opponent and then identify, by category or type, the sources of potentially responsive ESI that it believes aren't reasonably accessible.
After this identification, a requesting party may move to compel the production of the not reasonably accessible data. The burden then shifts to the responding party, who must offer proof of the undue burden or cost. The burden then shifts back to the requesting party to show that good cause exists to order production notwithstanding the burden and cost.
In the Best Buy and Ameriwood cases, the producing parties obtained different results in their attempts to block production of not reasonably accessible data under the new procedure spelled out in Rule 26(b)(2). The producing party in Ameriwood was successful in avoiding the production of over 50,000 potentially responsive e-mails, over 4,000 Microsoft Office files, and possibly hundreds of thousands of additional documents on the grounds that this data was not reasonably accessible because doing so would be undue burden.
Contrast this result with the Best Buy case, where the producing parties weren't successful and had to restore and review e-mails and electronic documents from 345 backup tapes in less than a month at an estimated cost of nearly $500,000, not including attorney fees for review of the documents for privilege and responsiveness. Below is a discussion of both cases and the lessons they teach.
To view entire article: click here
---------------------------------------
Source: Law.com
By Ronni Abramson
One commentator noted that these district court decisions serve an important role in providing de facto national standards for e-discovery disputes.[FOOTNOTE 1]
This article will focus on two such cases, Best Buy Stores L.P. v. Developers Diversified Realty Corp.[FOOTNOTE 2] and Ameriwood Industries Inc. v. Liberman.[FOOTNOTE 3] These cases tackle a recurring problem -- the discovery of information stored on computer systems and sources that aren't reasonably accessible. These difficult-to-access sources include backup tapes used for disaster recovery that aren't catalogued or indexed and legacy data from systems that are currently unreadable. These sources may contain information responsive to a particular discovery request, but it would take considerable time and money to access, cull or produce data from them.
Newly amended Rule 26(b)(2) creates a two-tiered procedure to limit the burden imposed by discovery of this type of information. Under this procedure, a party responding to a discovery request must -- as an initial matter -- produce reasonably accessible responsive ESI to its opponent and then identify, by category or type, the sources of potentially responsive ESI that it believes aren't reasonably accessible.
After this identification, a requesting party may move to compel the production of the not reasonably accessible data. The burden then shifts to the responding party, who must offer proof of the undue burden or cost. The burden then shifts back to the requesting party to show that good cause exists to order production notwithstanding the burden and cost.
In the Best Buy and Ameriwood cases, the producing parties obtained different results in their attempts to block production of not reasonably accessible data under the new procedure spelled out in Rule 26(b)(2). The producing party in Ameriwood was successful in avoiding the production of over 50,000 potentially responsive e-mails, over 4,000 Microsoft Office files, and possibly hundreds of thousands of additional documents on the grounds that this data was not reasonably accessible because doing so would be undue burden.
Contrast this result with the Best Buy case, where the producing parties weren't successful and had to restore and review e-mails and electronic documents from 345 backup tapes in less than a month at an estimated cost of nearly $500,000, not including attorney fees for review of the documents for privilege and responsiveness. Below is a discussion of both cases and the lessons they teach.
To view entire article: click here
---------------------------------------
Source: Law.com
By Ronni Abramson
Easing e-discovery?
Large-scale corporate litigation usually means a blizzard of documentation. With the increasingly complex nature of globalised business, this can mean hundreds of thousands of documents and millions of pages. But fortunately - just as things seemed to be becoming unmanageable – salvation appeared in the shape of technology to enable lawyers to store, sort and select what was relevant.
The availability of paper documents in electronic form led to e-discovery and - in both the UK and the US - having the right technology rapidly became an important feature in a law firm’s arsenal. The American magazine Corporate Counsel said earlier this year: “Law firms realise that technology offerings are a way to distinguish themselves in a crowded market. So they’ve been beefing up their personnel in areas such as e-discovery.”
In fact, a survey by Law Firm Inc. showed that 70 per cent of America’s top 200 law firms operated at least ten extranets. In short, technology is now critical to the discovery process on both sides of the Atlantic.
But what looked like two steps forward also included one big backwards step.
E-discovery looks great on paper. But once you start hitting the keyboard huge problems surface. Above all, there is the fact that no matter how sophisticated your law firm’s software, if it cannot talk to the other side then all you have done is created another set of problems. Solving this means further interventions adding time and money to the job.
According to Vince Neicho at Allen & Overy: “If law firms’ IT systems cannot speak to each other then it’s very frustrating. To deal with it you need to build a filter for each individual firm so that you can communicate with it. And if you are dealing with a score of firms then maybe each one will need a different filter.”
The costs of all this can be very considerable. The inconvenience even more so. But what can be done?
To deal with the underlying issue a number of leading UK law firms got together to discuss it through the channels of the UK-based think tank Litigation Support Technology Group (LiST). LiST’s membership includes all of the “magic circle” firms and a number of US and Australian firms. The recent appointment of Its reputation has been enhanced recently by the appointment of Master Whitaker, one of the judicial pioneers in the use of technology in civil proceedings, as honorary president has enhanced its reputation.
The result of the discussions was the setting up of the LiST Electronic Data Exchange (EDE) Working Group, consisting of representatives from Allen & Overy, DLA Piper, Simmons & Simmons, Freshfields and Ashurst. The view among the EDE was that the need for action was urgent not least because there is likely to be a significant shift soon from the creation of electronic files from paper to the exchange of parties' source data in its native format. The aim, therefore, according to Mr Neicho, was to establish a “kind of legal Esperanto” so that all these IT systems could communicate with each other.
Good progress has been made. Last Autumn the group met with officials from software group Adobe to discuss LiST's proposals for developing a standard format for the exchange of electronic documents in England and Wales. This led to Adobe agreeing to explore the establishment of what they said would be “a minimum standard that customers should insist upon when PDFs are created”.
To view entire article: click here
---------------------------------------
Source: TimesOnline
By: Edward Fennel
The availability of paper documents in electronic form led to e-discovery and - in both the UK and the US - having the right technology rapidly became an important feature in a law firm’s arsenal. The American magazine Corporate Counsel said earlier this year: “Law firms realise that technology offerings are a way to distinguish themselves in a crowded market. So they’ve been beefing up their personnel in areas such as e-discovery.”
In fact, a survey by Law Firm Inc. showed that 70 per cent of America’s top 200 law firms operated at least ten extranets. In short, technology is now critical to the discovery process on both sides of the Atlantic.
But what looked like two steps forward also included one big backwards step.
E-discovery looks great on paper. But once you start hitting the keyboard huge problems surface. Above all, there is the fact that no matter how sophisticated your law firm’s software, if it cannot talk to the other side then all you have done is created another set of problems. Solving this means further interventions adding time and money to the job.
According to Vince Neicho at Allen & Overy: “If law firms’ IT systems cannot speak to each other then it’s very frustrating. To deal with it you need to build a filter for each individual firm so that you can communicate with it. And if you are dealing with a score of firms then maybe each one will need a different filter.”
The costs of all this can be very considerable. The inconvenience even more so. But what can be done?
To deal with the underlying issue a number of leading UK law firms got together to discuss it through the channels of the UK-based think tank Litigation Support Technology Group (LiST). LiST’s membership includes all of the “magic circle” firms and a number of US and Australian firms. The recent appointment of Its reputation has been enhanced recently by the appointment of Master Whitaker, one of the judicial pioneers in the use of technology in civil proceedings, as honorary president has enhanced its reputation.
The result of the discussions was the setting up of the LiST Electronic Data Exchange (EDE) Working Group, consisting of representatives from Allen & Overy, DLA Piper, Simmons & Simmons, Freshfields and Ashurst. The view among the EDE was that the need for action was urgent not least because there is likely to be a significant shift soon from the creation of electronic files from paper to the exchange of parties' source data in its native format. The aim, therefore, according to Mr Neicho, was to establish a “kind of legal Esperanto” so that all these IT systems could communicate with each other.
Good progress has been made. Last Autumn the group met with officials from software group Adobe to discuss LiST's proposals for developing a standard format for the exchange of electronic documents in England and Wales. This led to Adobe agreeing to explore the establishment of what they said would be “a minimum standard that customers should insist upon when PDFs are created”.
To view entire article: click here
---------------------------------------
Source: TimesOnline
By: Edward Fennel
Tuesday, May 08, 2007
Chief U.S. Magistrate Judge Grimm Provides Detailed Analysis of Evidentiary Issues Associated with Electronic Evidence
Lorraine v. Markel Am. Ins. Co., 2007 WL 1300739 (D. Md. May 4, 2007)
In this case, the parties filed cross-motions for summary judgment but failed to comply with the requirement of Rule 56 that they support their motions with admissible evidence. Chief United States Magistrate Judge Paul W. Grimm denied both motions without prejudice to allow resubmission with proper evidentiary support. In this lengthy memorandum opinion, Magistrate Judge Grimm remarks that, although cases abound regarding the discoverability of electronic records, research failed to locate a comprehensive analysis of the many interrelated evidentiary issues associated with electronic evidence. “Given the pervasiveness today of electronically prepared and stored records, as opposed to the manually prepared records of the past, counsel must be prepared to recognize and appropriately deal with the evidentiary issues associated with the admissibility of electronically generated and stored evidence.” Magistrate Judge Grimm describes five distinct but interrelated evidentiary issues that govern whether electronic evidence will be admitted into evidence at trial or accepted as an exhibit in summary judgment practice, and counsels:
Although each of these rules may not apply to every exhibit offered, as was the case here, each still must be considered in evaluating how to secure the admissibility of electronic evidence to support claims and defenses. Because it can be expected that electronic evidence will constitute much, if not most, of the evidence used in future motions practice or at trial, counsel should know how to get it right on the first try. The Court hopes that the explanation provided in this memorandum order will assist in that endeavor.
To view entire opinion: click here
---------------------------------------
Source: eDiscoveryLaw.com
In this case, the parties filed cross-motions for summary judgment but failed to comply with the requirement of Rule 56 that they support their motions with admissible evidence. Chief United States Magistrate Judge Paul W. Grimm denied both motions without prejudice to allow resubmission with proper evidentiary support. In this lengthy memorandum opinion, Magistrate Judge Grimm remarks that, although cases abound regarding the discoverability of electronic records, research failed to locate a comprehensive analysis of the many interrelated evidentiary issues associated with electronic evidence. “Given the pervasiveness today of electronically prepared and stored records, as opposed to the manually prepared records of the past, counsel must be prepared to recognize and appropriately deal with the evidentiary issues associated with the admissibility of electronically generated and stored evidence.” Magistrate Judge Grimm describes five distinct but interrelated evidentiary issues that govern whether electronic evidence will be admitted into evidence at trial or accepted as an exhibit in summary judgment practice, and counsels:
Although each of these rules may not apply to every exhibit offered, as was the case here, each still must be considered in evaluating how to secure the admissibility of electronic evidence to support claims and defenses. Because it can be expected that electronic evidence will constitute much, if not most, of the evidence used in future motions practice or at trial, counsel should know how to get it right on the first try. The Court hopes that the explanation provided in this memorandum order will assist in that endeavor.
To view entire opinion: click here
---------------------------------------
Source: eDiscoveryLaw.com
Business Continuity Plans Must Include Data Recovery Scenario
Many businesses and government agencies haveimplemented business continuity plans that include data backup to minimizedowntime during a disaster or other unforeseen disruptions, but manyorganizations don't realize data loss can occur despite having backuptechnology.
Even the best backup technology can fail because of human error or faultyhardware. Thorough business continuity plans must take into account the needto retrieve data from damaged storage media, whether it is a primary computeror a backup device.
"Data loss is inevitable because technology does eventually fail," saysBill Margeson, president and CEO of CBL Data Recovery Technologies Inc."Organizations should not only develop and implement a business continuityplan, but they should test it frequently and have a plan of action in theevent a data backup fails and their mission-critical information can't beaccessed."
Lost data can cripple many organizations and in some cases drive them outof business, especially smaller companies. In fact, according to research firmIDC, digital data is growing in sheer volume, even for small businesses, whoare less able to manage it due to lack of IT skills. The report, "TheExpanding Digital Universe", also predicts that in 2007 the volume ofinformation created and replicated will surpass the storage capacity availableto store it.
"More people are reliant on data to manage their day-to-day activities,both personally and professionally, so its loss is keenly felt," addsMargeson. "However, data storage media can be extremely resilient and retaindigital information despite considerable physical damage. Many businessesdon't realize data recovery is an option when data loss occurs. Backups dofail, including expensive RAID storage arrays with mission-critical data thatwe see come through our lab on a regular basis."
To view entire article: click here
---------------------------------------
Source: newswire.ca
Even the best backup technology can fail because of human error or faultyhardware. Thorough business continuity plans must take into account the needto retrieve data from damaged storage media, whether it is a primary computeror a backup device.
"Data loss is inevitable because technology does eventually fail," saysBill Margeson, president and CEO of CBL Data Recovery Technologies Inc."Organizations should not only develop and implement a business continuityplan, but they should test it frequently and have a plan of action in theevent a data backup fails and their mission-critical information can't beaccessed."
Lost data can cripple many organizations and in some cases drive them outof business, especially smaller companies. In fact, according to research firmIDC, digital data is growing in sheer volume, even for small businesses, whoare less able to manage it due to lack of IT skills. The report, "TheExpanding Digital Universe", also predicts that in 2007 the volume ofinformation created and replicated will surpass the storage capacity availableto store it.
"More people are reliant on data to manage their day-to-day activities,both personally and professionally, so its loss is keenly felt," addsMargeson. "However, data storage media can be extremely resilient and retaindigital information despite considerable physical damage. Many businessesdon't realize data recovery is an option when data loss occurs. Backups dofail, including expensive RAID storage arrays with mission-critical data thatwe see come through our lab on a regular basis."
To view entire article: click here
---------------------------------------
Source: newswire.ca
Discovering e-discovery: How information security pros should prepare
Chances are that you've recently been hearing quite a lot of buzz about e-discovery. That's because amendments to sections of the Federal Rules of Civil Procedure took effect as of Dec. 1, 2006. Sections of these amendments set forth rules governing how companies prepare for litigation in regard to the collection of electronic evidence/information.
The rule changes are intended to recognize that companies manage and maintain electronically stored information (ESI) in fundamentally different ways than physical documents. The new e-discovery rules formally codify much of the preexisting case law related to e-discovery.
Fortunately, there's no need to panic as a result of the changes. Keep in mind that e-discovery is part of the litigation process, and should be driven by the corporation's legal team or outside council, not by IT. However, the e-discovery effort will involve several groups within the organization, such as legal, IT -- including security, storage and messaging -- and others as needed.
Preparing for e-discovery Before there is ever a need to comply with an e-discovery request, there are several tasks that information security professionals should perform.
Foster open dialog between security, legal, and other groups -- The only way to have a prepared response to an e-discovery request is to be proactive. This, of course, requires laying some groundwork. Make sure that your senior-most security executives are aware of the civil procedure changes. Look to your company's legal team as the key stakeholder, but the security team should be prepared to perform e-discovery support functions. As a result, it will be seen as either an enabler or a barrier.
Create clearly articulated data retention policies and procedures for retaining important information -- Companies are interpreting the requirements set forth by these rules very differently. For instance, there are two lines of thought related to document retention. Some companies attempt to apply rigid policies related to document retention and destruction; they seek to limit the scope of their e-discovery search by limiting the volume of stored data. In addition, their hope is that some potentially damning ESI will be destroyed as the result of following normal business processes. The second line of thought is that companies should keep everything. This line of thought takes into account the fact that data is reproducible; there are always at least two copies of an email (sender and receiver), users tend to copy data to multiple locations, and so on. It will always be difficult for a company to reasonably state that certain data points are not available.
Have an e-discovery action plan -- Realize that IT is a critical path for litigation. Regardless of your company's stance on ESI retention and destruction, it is important to have an established method for locating ESI that may be relevant to any current or pending litigation (including litigation which may be reasonably foreseeable). Often called a litigation hold policy, this process would include the ability to perform relevant keyword/key-phrase searches across the company's vast amounts of structured data (e.g. application data stores) and unstructured data (e.g. documents, email messages, spreadsheets, etc.). It is counterproductive for an organization to have to figure out how to accomplish this each time it is required to produce ESI, so be sure to have a product, process or combination of the two that will produce consistent results.
Create and maintain templates for documenting an e-discovery log for each case -- Remember that the output of your ESI production process has legal implications. Be sure to keep track of the exact search words/phrases used to generate any records handed over. It is critical to have formalized, repeatable processes. The overall credibility of your company could be tarnished if the opposing party or the judge perceives your efforts as ad-hoc or haphazard.
Maintain an accurate list of system/data types and their IT and business owners -- Pure and simple: the company will never be able to reasonably state that it has produced all the relevant data without knowing the location of all its data. Thus it is imperative to maintain a system inventory. Know the inputs and outputs, the data elements, and who owns the systems from both an IT perspective and a business perspective.
Establish security and audit controls around the e-discovery process -- Producing all of this data inherently increases risk to your organization. Chances are that there will be a great deal of sensitive information (both personally identifiable information and proprietary company information) in the data gathered. It is therefore imperative that security and audit teams have a hand in defining the processes involved.
To view entire article: click here
---------------------------------------
Source: SearchSecurity.com
The rule changes are intended to recognize that companies manage and maintain electronically stored information (ESI) in fundamentally different ways than physical documents. The new e-discovery rules formally codify much of the preexisting case law related to e-discovery.
Fortunately, there's no need to panic as a result of the changes. Keep in mind that e-discovery is part of the litigation process, and should be driven by the corporation's legal team or outside council, not by IT. However, the e-discovery effort will involve several groups within the organization, such as legal, IT -- including security, storage and messaging -- and others as needed.
Preparing for e-discovery Before there is ever a need to comply with an e-discovery request, there are several tasks that information security professionals should perform.
Foster open dialog between security, legal, and other groups -- The only way to have a prepared response to an e-discovery request is to be proactive. This, of course, requires laying some groundwork. Make sure that your senior-most security executives are aware of the civil procedure changes. Look to your company's legal team as the key stakeholder, but the security team should be prepared to perform e-discovery support functions. As a result, it will be seen as either an enabler or a barrier.
Create clearly articulated data retention policies and procedures for retaining important information -- Companies are interpreting the requirements set forth by these rules very differently. For instance, there are two lines of thought related to document retention. Some companies attempt to apply rigid policies related to document retention and destruction; they seek to limit the scope of their e-discovery search by limiting the volume of stored data. In addition, their hope is that some potentially damning ESI will be destroyed as the result of following normal business processes. The second line of thought is that companies should keep everything. This line of thought takes into account the fact that data is reproducible; there are always at least two copies of an email (sender and receiver), users tend to copy data to multiple locations, and so on. It will always be difficult for a company to reasonably state that certain data points are not available.
Have an e-discovery action plan -- Realize that IT is a critical path for litigation. Regardless of your company's stance on ESI retention and destruction, it is important to have an established method for locating ESI that may be relevant to any current or pending litigation (including litigation which may be reasonably foreseeable). Often called a litigation hold policy, this process would include the ability to perform relevant keyword/key-phrase searches across the company's vast amounts of structured data (e.g. application data stores) and unstructured data (e.g. documents, email messages, spreadsheets, etc.). It is counterproductive for an organization to have to figure out how to accomplish this each time it is required to produce ESI, so be sure to have a product, process or combination of the two that will produce consistent results.
Create and maintain templates for documenting an e-discovery log for each case -- Remember that the output of your ESI production process has legal implications. Be sure to keep track of the exact search words/phrases used to generate any records handed over. It is critical to have formalized, repeatable processes. The overall credibility of your company could be tarnished if the opposing party or the judge perceives your efforts as ad-hoc or haphazard.
Maintain an accurate list of system/data types and their IT and business owners -- Pure and simple: the company will never be able to reasonably state that it has produced all the relevant data without knowing the location of all its data. Thus it is imperative to maintain a system inventory. Know the inputs and outputs, the data elements, and who owns the systems from both an IT perspective and a business perspective.
Establish security and audit controls around the e-discovery process -- Producing all of this data inherently increases risk to your organization. Chances are that there will be a great deal of sensitive information (both personally identifiable information and proprietary company information) in the data gathered. It is therefore imperative that security and audit teams have a hand in defining the processes involved.
To view entire article: click here
---------------------------------------
Source: SearchSecurity.com
Data classification is first step in successful data protection
The Federal Financial Institutions Examination Council (FFIEC) guidelines state that data classification must be an element of an enterprise's risk assessment process. Why does the FFIEC mandate data classification? Essentially to differentiate low-value from high-value information, and to mandate the correct security controls for each. A high-value data point obviously requires more stringent protection mechanisms.
While the FFIEC calls this process data flow mapping, we in security normally would refer to it as the process of classifying data based on corporate business sensitivity. Essentially the importance of information to the business controls its classification.
In a nutshell, the data classification process should include:
Inventory of hardware and software assets
Network topology
Business process and data flow maps
Mapping technology operations to corporate strategic objectives
Notice how items two and three deal specifically with the business and security's role in supporting that business.
So how do we assess the business processes and make the leap to classifying a document? This is the journey we are about to undertake.
Getting started First it is essential that you understand your business, be it semiconductors, cars or pharmaceuticals. In a classification project, this step begins at the project's earliest point. Ideally, learning the business and how information security acts as a business enabler should be a natural part of the security professional's day-to-day responsibilities and long-term career development process.
Next, go to the business unit heads in your company and ask for their help in finding their most important intellectual property (IP) assets. Once you find those assets, evaluate the business processes that create them. Develop a simple flow diagram of the creation, distribution and storage of those assets. Congratulations; you just created a data flow diagram, and from here you can move toward classification.
Key elements of data classification So what is data classification? This seems like a reasonable question, and yet it depends on a number of other factors. The first of these involves determing who has access to the data and defining the roles of people who can access said data. For instance, a merger and aquisition document is of high strategic value to a company, and thus data access rules should ensure that only a small handful of executives can view the document.
A network diagram is seen by hundreds of folks and would likely be considered proprietary information, but with very few controls. Some documents may have intrinsic monetary value, such as a research document containing a new breakthrough discovery. Many people may have access to it, but it has financial worth due to its sales potential. Once these access roles are defined, this in turn guides you to how the data is secured.
To view entire article: click here
---------------------------------------
Source: SearchSecurity.com
While the FFIEC calls this process data flow mapping, we in security normally would refer to it as the process of classifying data based on corporate business sensitivity. Essentially the importance of information to the business controls its classification.
In a nutshell, the data classification process should include:
Inventory of hardware and software assets
Network topology
Business process and data flow maps
Mapping technology operations to corporate strategic objectives
Notice how items two and three deal specifically with the business and security's role in supporting that business.
So how do we assess the business processes and make the leap to classifying a document? This is the journey we are about to undertake.
Getting started First it is essential that you understand your business, be it semiconductors, cars or pharmaceuticals. In a classification project, this step begins at the project's earliest point. Ideally, learning the business and how information security acts as a business enabler should be a natural part of the security professional's day-to-day responsibilities and long-term career development process.
Next, go to the business unit heads in your company and ask for their help in finding their most important intellectual property (IP) assets. Once you find those assets, evaluate the business processes that create them. Develop a simple flow diagram of the creation, distribution and storage of those assets. Congratulations; you just created a data flow diagram, and from here you can move toward classification.
Key elements of data classification So what is data classification? This seems like a reasonable question, and yet it depends on a number of other factors. The first of these involves determing who has access to the data and defining the roles of people who can access said data. For instance, a merger and aquisition document is of high strategic value to a company, and thus data access rules should ensure that only a small handful of executives can view the document.
A network diagram is seen by hundreds of folks and would likely be considered proprietary information, but with very few controls. Some documents may have intrinsic monetary value, such as a research document containing a new breakthrough discovery. Many people may have access to it, but it has financial worth due to its sales potential. Once these access roles are defined, this in turn guides you to how the data is secured.
To view entire article: click here
---------------------------------------
Source: SearchSecurity.com
Subscribe to:
Posts (Atom)
