AALL Spectrum

AALL Spectrum | May/June 2016 | Volume 20, Number 5

AALL Spectrum / Published by American Association of Law Libraries

Issue link: http://epubs.aallnet.org/i/678111


DARLA W. JACKSON
PRACTICE MANAGEMENT ADVISOR
Oklahoma Bar Association
Oklahoma City, OK
darlaj@okbar.org
© 2016 BY DARLA W. JACKSON

7 Use Existing Frameworks and Tools

The National Institute of Standards and Technology (NIST), a part of the Department of Commerce, has developed "a 'cybersecurity framework' to help regulators and industry participants identify and mitigate cyber risks that could potentially affect national and economic security." The framework, adaptable to a variety of organizational structures and organizations, can be used to conduct a basic review of cybersecurity practices, establish or improve cybersecurity using the steps outlined in the framework, communicate cybersecurity requirements with stakeholders, and identify opportunities to revise or create new standards or practices.

In June 2013, NIST also released a revision of its Guidelines for Managing the Security of Mobile Devices in the Enterprise. As summarized by the Information Law Group, these new guidelines recommend that organizations should:

- Have a mobile device security policy that defines the types of devices permitted, the resources that may be accessed, and how provisioning is handled.
- Develop system threat models for mobile devices and the resources that are accessed through mobile devices.
- Consider the merits of each provided security service, and determine which services are needed for the specific environment and then design and acquire one or more solutions that collectively provide the necessary security services.
- Implement and test a pilot of their mobile device solution before putting the solution into production.
- Fully secure each organization-issued mobile device before allowing a user to access it.
- Regularly maintain mobile device security.

Certainly law librarians could and should be involved in assisting in steps such as developing models for reducing potential threats regarding how legal resources are accessed, as recommended by these guidelines.

TAKEAWAY: Law librarians might advocate for a compromise of positions that allow for a balance between convenience and a need to reduce risk. For example, law librarians could advocate for an information structure encouraging e-books to be downloaded over a secure network and thus accessible on mobile devices, rather than having mobile device users access such resources over insecure wireless networks. Such programs would likely be appreciated by users who have capped data plans on their wireless devices.

8 Purchase Cyber Liability Insurance

Only 70 percent of the respondents to the inaugural ALM Legal Intelligence Law Firm Cybersecurity survey reported having purchased cyber liability insurance. However, this is significantly higher than the percentage of 2015 ABA Technology survey respondents who indicated they have insurance. According to the 2015 ABA TECHREPORT, the "percentage of attorneys reporting that they have cyber coverage is small: 11 percent overall. It gradually increases from 10 percent for solos to only 15 percent for firms of 500+." Further, experts caution that many firms that have purchased insurance have done so without understanding the requirements and exemptions of their policies. For example, as Laurence Colletti and Sharon Nelson—who spoke at the 2016 ABA TECHSHOW on passing security audits—explain in their Legal Tech Network podcast, some policies exempt coverage of state-sponsored actions, which in many circumstances would exempt coverage of acts initiated in China. Listen to the podcast at bit.ly/MJ16LTN.

TAKEAWAY: Certainly law librarians are well qualified to conduct research on how courts have interpreted specific language in cyber liability policies, and can locate reviews and satisfaction information regarding insurance providers.

Get more information about Cybersecurity and Law Firms: Ignorance Is Risk at bit.ly/MJ16ALM.

The Law Librarian's Role

With new technological advancements come new opportunities, threats, and security solutions. No longer can legal information professionals delegate all security responsibilities to IT staff. Legal information professionals need to be aware of the security environment and need to participate in organizational security policy development, security product/service selection, and security educational efforts. Since law librarians are involved in knowledge management and document preservation, they may be highly contributing members of the cyber-attack response teams. If we creatively find opportunities to assist with issues of organization cybersecurity, law librarians and information professionals can add immeasurable value to their organizations.

AALL 2016 ALERT
Don't miss Darla Jackson and Avery Le's session "Information Security: Changing Access Concerns and Data Protection Best (and Sometimes Easy) Practices," Sunday, July 17 from 11:30 a.m. to 12:30 p.m. For more information visit bit.ly/AALL16InfoSecurity.

LEARN MORE
Learn more about AALL's Ethical Principles at bit.ly/AALLethics.
