The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/624538
WWW.ILTANET.ORG 25 STRENGTHENING THE SECURITY COMMUNITY Working on the council led me to helping with the LegalSEC Summit. While on the planning committee, I learned far more than I contributed. In every meeting, there was at least one new topic related to security that I knew little about. I wasn't just learning about these issues, I was learning about resulting challenges and solutions. I was able to connect with a multitude of people I normally would not have access to. After the event was over, I realized in just one volunteering event, I had: • Sharpened and broadened my professional skills • Met with like-minded professionals (most beyond my company rank) • Collected knowledge useful in my current position • Garnered attention from the C-level rank in my company • Helped strengthen the security community at large (most important) A STRONG NETWORK In our industry, you can't afford to be a lone wolf. You need a strong network, and that network can be exponentially stronger as you experience volunteer opportunities. As I found in ILTA and other associations, there are so many people willing to help. I leave you with the words of Naval Admiral William H. McRaven, Navy Seal and ninth commander of U.S. Special Operations Command: "If you want to change the world, find someone to help you paddle." Every morning when I log in to my organization's network, I'm required to acknowledge that I am submitting to the possible monitoring of actions on my company-owned computer. My email messages, Internet browsing history and file use on the organization's network are all subject to observation. At times, I wonder who is doing all this snooping. Do we pay people to cull through thousands of lines of log files that document my activities? Do we do that for every employee? Of course not. Information systems can review and report any anomalies in user behavior. This setup sounds Orwellian, but it protects the organizations for which we work. What concerns me is who watches the systems and people responsible for watching us? Who watches the watchers? First penned by Juvenal, a Roman satirist writing in the first and second century, "who can watch the watchmen," has rightfully become a clarion call for implementing additional information security and auditing protocols within organizations. By now, most of us are familiar with the exploits of Edward Snowden. His role as a high-level computer system administrator gave him unprecedented access to several systems vital to the national security of the United States. More important, there wasn't an information system, an auditor, in place to watch this watcher. Reportedly, while a system administrator, Snowden used his administrative access and computer knowledge to swipe more than one million National Security Agency (NSA) documents. Had there been a system in place to monitor his actions and govern his control of information technology resources, he might have been caught. Most data held by law firms are highly confidential. The unauthorized release of this information could pose serious challenges to the financial well-being of the firm. It seems logical that a system should be put in place that enables an audit of the actions of its most highly trained computer network administrators. In a world increasingly reliant on talented technology experts to manage highly complex computer networks, it is imperative to establish standards for auditing and control. We must watch the watchers. WHO WATCHES THE WATCHMEN? By Jason Thomas of Thomson Reuters