The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/139453
need to meet client expectations in a demanding market," said Moira Vasquez, CISSP, Security Compliance Manager at Andrews Kurth LLP in Houston. "A good candidate would have the soft skills necessary to influence change in ways of working, yet a solid understanding of how to implement fit-for-purpose processes and technology."

For these reasons, the standard profile of emerging security professionals has come to include a broad range of technical knowledge: attack methods, secure software development, risks associated with cloud computing and BYOD, access management, telecommunications and network controls, encryption, cyberforensics, governance and more. Because of the impact such practices have on a law firm's operations, emerging information security specialists are also expected to have clear communication skills and solid business acumen. These specialists need to be able to explain to partners and other end users, in plain speech, why an investment has been made or a specific control implemented and how that affects them day-to-day.

InfoSec at Smaller Firms

Securing information is a trickier issue for smaller law firms with fewer resources. Small firms may adopt the erroneous notion their size makes them less vulnerable to attacks and consequently invest less in a comprehensive security program. On the other hand, small firms that recognize the need for substantive security controls may be in something of a catch-22 since hiring dedicated security personnel could come at the expense of a position like helpdesk or application support.

Nonetheless, there are several strategies small firms can deploy to secure their environment without overextending the staffing budget or compromising existing employees. The first and most important strategy is to perform a security assessment to ascertain the firm's level of risk, constitute due diligence and determine if or how to engage managed security providers and SaaS solutions.
Another common strategy likely to continue to grow in popularity is to pinpoint internal staff members on the network, server operations or records management teams who have