Peer to Peer Magazine

Per ARMA International's Generally Accepted Recordkeeping Principles (GARP), eight criteria must be met in order to manage information effectively: • Accountability • Compliance • Integrity • Retention • Availability • Disposition • Protection • Transparency In addition, Rule 1.6 of the ABA Model Rules of Professional Conduct addresses confidentiality of information specifically, stating in part, "A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure… ." Meeting this responsibility cannot be achieved in a silo, and the involvement of both the information management and information security groups is critical. Information Security Securing data in any organization involves the same basic goals: • Secure the data at rest and the data in motion • Implement as many security controls as possible within the resources/budget of the firm The firm needs to secure the perimeter, desktops, servers and applications. The complexity in all of these efforts is daunting. Every firm supports a multitude of systems and applications, and in-depth security is a must. In many firms, including the largest, security is the responsibility of just a few staff. Other firms have no dedicated staff, and the responsibility is shared. In all firms, however, security is the responsibility of everyone. Every firm should have many of these basic security protections in place: • Antivirus software for servers/clients • Encryption of external email messages • Filtering for email spam and viruses • Firewalls • Role-based access controls for IT staff • Separation of user/administrative accounts for IT staff • Two-factor authentication for remote access • Virus scans of Web browsing with proxy devices • Application installation lockdown on workstations Peer to Peer 39

• Cover