Peer to Peer Magazine

Fall 2014: Security Is Everyone's Business

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/411912


SMART MOVES

Many risk management organizations establish RPN thresholds that require teams to implement controls or re-engineer processes for high-risk failure modes. If the organization in our example chose to implement risk mitigation for any RPN over 27, then the process would be re-engineered with an additional step to mitigate the risk by presenting challenge questions to the user, creating a two-factor authentication mechanism: something you have (i.e., access to the alternative email account) and something you know (i.e., answers to the challenge questions). The new password reset process would now have a new step two added to the workflow:

1. user clicks "forgot password" link
2. user answers predefined challenge questions
3. system emails temp password to alternate email
4. user logs in with temporary password
5. user resets password meeting requirements

This simplistic example uses an easy-to-understand vulnerability to illustrate the tools that Six Sigma provides. The real value of the framework is derived when the tools are used to design processes with many moving parts and less obvious failure modes. Because Six Sigma forces practitioners to evaluate processes in a formal way and identify and prioritize risks systematically, it allows organizations to ensure all parts of processes are scrutinized and vetted by relevant stakeholders.

HIDDEN VULNERABILITIES

Applying Six Sigma to key processes not only highlights glaring risks but also uncovers less obvious vulnerabilities. The 2013 ILTA Technology Survey emphasizes the difference between concerns around user awareness (being unaware of risky situations) and user behavior (being aware of risky situations but not taking action on them). Both concerns are common in the legal industry and detrimental to managing internal and external threats.

The structure that Six Sigma brings to the table provides predictability by using controls to neutralize risks. Law firms that have adopted Six Sigma into their culture have the ability to map out potential scenarios, minimizing the probability of being blindsided. Those foreign to Six Sigma methodologies and tools are less likely to outline how their firm would bounce back from unexpected process interruptions and operate under increased uncertainty. Predictability does not just create peace of mind, it creates a competitive edge, giving clients the assurance of protected data, seamless and intuitive processes for employee morale and productivity, and ultimately dollars back to the bottom line.

Evaluate existing processes your firm has in place and identify the risks. Ask yourself what your firm would do if a threat presented itself. Do you have a plan in place, and are your associates aware of the actions required on their part? What would you do if an associate innocently opened an attachment exposing confidential data on your server? What if a laptop were stolen? If your staff is not already clear on how to handle such situations and your processes are not predictable and defined, explore the power of Six Sigma.

SIX SIGMA 101

The backbone of Six Sigma's success is what is called DMAIC, pronounced "duh-may-ik." DMAIC stands for: Define, Measure, Analyze, Improve, Control, and is a series of sequential phases.

DEFINE: Define the project goals and customer (internal and external) deliverables
MEASURE: Measure the process to determine current performance; quantify the problem
ANALYZE: Analyze and determine the root cause(s) of the defects
IMPROVE: Improve the process by eliminating defects
CONTROL: Control future process performance

Before a new phase can be initiated, mandatory tollgates ensure that proper tools were used and sufficient information was documented in order to move on. Certified Six Sigma practitioners manage each phase and lead tollgate reviews.
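The five-step password reset workflow from the article, as an added example that is not part of the original article: each step refuses to run unless the previous one succeeded, so access to the alternate mailbox alone never yields a temporary password. The class and method names, the PBKDF2 storage of answers, the 12-character minimum and the send_email callback are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _digest(text, salt):
    # Store only salted PBKDF2 digests, never plaintext answers or passwords.
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)

class PasswordReset:
    """Hypothetical model of the five-step flow; step order is enforced."""
    MIN_LENGTH = 12  # assumed stand-in for "meeting requirements"

    def __init__(self, challenge_answers, send_email):
        self.salt = secrets.token_bytes(16)
        self.answers = [_digest(a.strip().lower(), self.salt) for a in challenge_answers]
        self.send_email = send_email  # callable that delivers to the alternate address
        self.step, self.temp, self.password = 0, None, None

    def click_forgot_password(self):          # step 1
        self.step, self.temp = 1, None

    def answer_challenges(self, supplied):    # step 2: the added control
        if self.step != 1:
            return False
        ok = len(supplied) == len(self.answers)
        for given, stored in zip(supplied, self.answers):
            ok &= hmac.compare_digest(_digest(given.strip().lower(), self.salt), stored)
        self.step = 2 if ok else 0            # a wrong answer ends this attempt
        return ok

    def email_temp_password(self):            # step 3: only after step 2 passed
        if self.step != 2:
            return False
        temp = secrets.token_urlsafe(12)
        self.temp = _digest(temp, self.salt)
        self.send_email(temp)
        self.step = 3
        return True

    def login_with_temp(self, supplied):      # step 4
        if self.step != 3 or not hmac.compare_digest(_digest(supplied, self.salt), self.temp):
            return False
        self.step, self.temp = 4, None        # temporary password is single use
        return True

    def set_new_password(self, new):          # step 5
        if self.step != 4 or len(new) < self.MIN_LENGTH:
            return False
        self.password, self.step = _digest(new, self.salt), 0
        return True
```

A production flow would also expire the temporary password and limit repeated attempts, which this model leaves out.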
