Digital Forensics, eDiscovery & Technology Risks for HR Executives
-
Upload
the-lorenzi-group -
Category
Technology
-
view
512 -
download
0
description
Transcript of Digital Forensics, eDiscovery & Technology Risks for HR Executives
Digital Forensics, eDiscovery, & other
Technology Risks for the HR Executive
The Lorenzi Group
p@SSw0rDz
Match.com
• Less is More, hire a professional
This line of questioning could open discrimination issues
Concepts of Security are Changing
• The only thing you should be secure about is that nothing is secure
• Organized Crime
• Random
• Employees
• Hacktivists
Greatest Risk to Business?
• Employees, Contractors, Vendors & Partners
• Inside vs. Outside
• Don’t stop protecting outside…..
Virtual Machines & Child Porn
• The virtual world is going virtual
• CP (or CSAI – See-S-eye) is an addiction
• Pirated media a (profitable) hobby
• High bandwidth, “ghost” (vmware)
The only thing you need to know:
Liability is HUGE.
Digital Forensics & eDiscovery
• 2 Step Process• Capturing and preserving everything• Preparing the “Useful” information
SMILE!
Digital Forensics Using a 35mm Camera
Create a Forensic Image (Preserve Data)
Take a Picture
Restore the Forensic Image Develop the Film
Analyze the Information Choose the Pictures you want
Report (and Testify) as necessary Build a Scrapbook
Digital Forensics
E-Z eDiscovery
1. Convert paper to electronic images
2. Combine images with Digital Forensics results
3. Filter out Unnecessary Info
4. Review Results
5. Submit
SPOLIATION
• The alteration and/or destruction of data
• Examples:• Resending an email• Opening a Word document• Deleting a picture• Turning on a computer
Litigation Hold
Legal Notice
Starts the moment litigation becomes reasonably possible
Requires parties to preserve all potential evidence
Failure to abide could bring sanctions, fines, dismissal of case, & criminal charges
The IT Department –
Your BEST Friend… and WORST
Enemy• Digital Forensics is all about 3 things:
• Process• Experience• Defensibility
• CAN IT do some/all of it? Maybe.
• SHOULD IT do some/all of it? NO.
Any time…
You think internal is better/cheaper/faster…
• Remember:• Legal, Financial, & Criminal Liability • IT fear of public speaking• Interpersonal relationships…… (ask
about this)
Employee Monitoring• It’s not Big Brother, it’s SMART Business
• Improves Data Security Exponentially• Mistakes• Desperate• Criminal
• Makes Compliance Easier
• Can provide Productivity metrics • Termination Justification• Training Needs• Resource Allocation• Cost Saving Opportunities
Examples:
Lockheed, Fidelity, USPS, Kaiser Permanente
BYOD
• Stored Communications Act
• Employee Owned/Company Paid
• Company Owned
EADV
Electronic Devices and Social Media Misuse
Major initiative for 2012
ADA
• EU says websurfing is an addiction
• What does the US say?
• REALLY????
Thoughts
Social Media is good
Acceptable Use Policies are required
Detailed Background Checks are better than FB pages
Ongoing Training & Reminders are critical
Thank You
Rob Fitzgerald
The Lorenzi Group
866-632-9880 x123
www.thelorenzigroup.com