Forensic Update

Reflections on information management within the legal and regulatory arena

Archive for the ‘Information Security’ Category

Proud to join an august panel @ LegalTech 2018…

Posted by Johnny Lee on January 23, 2018

I am thrilled to be sharing the stage with Chris Dale, Meribeth Banischek, David Horrigan, and Rachi Messing to discuss cross-border data issues in investigations and compliance at #Legalweek18 … come join us for a lively discussion!

Details can be found here


Posted in CyberSecurity, Data Breach, Data Governance, ECM, eDiscovery, Forensic Accounting, Information Security, Investigations, Privacy, Records Retention | Leave a Comment »

Privacy + Security Forum…

Posted by Johnny Lee on August 31, 2017

Excited to represent Grant Thornton LLP and join Daniel Solove, Edward R. McNicholas, Jon Neiditz, Mauricio Paez, Liisa Thomas, Amanda Witt and a host of other luminaries and all-stars at the 2017 Privacy+Security Forum in Washington DC…

Posted in Computer Forensics, CyberSecurity, Data Breach, Data Governance, ECM, eDiscovery, Information Security, Privacy | Leave a Comment »

Minimize Business Email Compromise risk in 6 steps…

Posted by Johnny Lee on December 11, 2016

…a mix of training, process & technology to strengthen controls.gt_logo

Posted in CyberSecurity, Data Breach, Data Governance, ECM, Information Security, Investigations, Privacy, Records Retention | Leave a Comment »

What can we learn from the rash of revelations related to sizable hacks in 2012?

Posted by Johnny Lee on September 9, 2016

bitglass_wheres_your_data_thumbnail1Posit the research, which indicates that the average length of an un-detected compromise is in excess of 200 days. Couple that with research from security outfit Bitglass, and you’ve got some shocking correlations that put 2012 into a broader perspective.

That experiment employed data-tracking technology to track the traverse of sensitive data on the dark web post-compromise.
The upshot: In 12 days, these data were access 1,100 times within 22 countries, with two different cyber-crime syndicates sharing data with their peers…imagine how often compromised 2012 data changed hands over 4 years!

Bitglass Research

Posted in Computer Forensics, Data Governance, eDiscovery, Fraud, Information Security, Investigations, Privacy, Records Retention | Leave a Comment »

Employers continue to wrestle with BYOD policies…

Posted by Johnny Lee on March 16, 2015

What follows is an excerpt from an article for which I was asked to contribute last Fall.  I hope that you find it of interest.


In your opinion, how much control a company should have over an employee-owned device?

Organizations are under increasing scrutiny to protect sensitive data of all kinds, regardless of the industry in which they operate. Some regulations provide for strict liability to the employer for actions taken (and/or disclosures made) by employees, regardless of whether such actions/disclosures originate from a personally owned device. Similarly, there are legal nuances to consider related to ownership, control, and consent — especially when obligations to preserve data in litigation arise. For these reasons, organizations should carefully review their risk profile with these legal and regulatory obligations in mind.

This risk profile should govern an organization’s exercise of control over employee-owned devices. Not all risk profiles are the same; to illustrate, a traditional manufacturing company that manufactures mechanical widgets will have a very different risk profile than an organization selling specialized securities or financial instruments.

Many of these devices include personal data, like photos and private email. Should the company be able to wipe out an employee’s personal data just because the owner broke IT policies?

This is a nuanced question, so I’ll answer that “it depends.” For some organizations, the risks attendant with employee-owned devices are quite onerous. Accordingly, those organizations might take the position that an employee’s access of company-owned assets (e.g., email, secure systems, etc.) grants the employer a broad measure of control over both the content involved with that access and the accessing device. I would also say that the justification for the remote wiping would be highly fact-specific as well. In your question, you mention a violation of an IT policy; this leaves a lot to interpretation and could range from posting a sticky note with your password to your monitor to downloading the personal financial information of the organization’s entire customer database. The remedy an organization would take for the former violation might be vastly different than the remedy sought for the latter.

Obviously there should be some kind of policy in place regarding wiping data from personally owned devices. What do you think should be included in that policy?

I agree that an organization’s stance related to employee-owned devices should be memorialized in a clearly worded policy; this protects both the employer and the employee in the event that something later occurs that implicates these issues. Such companies are well advised to reinforce such policy stances through carefully crafted policies that are both monitored for compliance and enforced consistently over time. These policies should include clear statements related to ownership (of device, data, and the underlying systems involved), consent (to access, secure, and/or destroy data as well as consent to cooperate when certain matters arise related to these data), and control (of the devices, data, and systems involved).

Any other thoughts on BYOD and when to wipe data?

I would add that there are certainly risks with an employer wiping data from an employee-owned device. These risks range from morale impacts to legal implications, and companies are approaching this area in more circumspect ways in recent years. Increasingly, companies with high-risk profiles are either moving away from a BYOD policy outright or moving toward technologies that “compartmentalize” the organization’s data in a manner that is separately stored (and separately accessible) from the employee’s personal data. These technologies allow the organization the ability to both secure and to remotely wipe the information that is self-evidently the organization’s, and these technologies also allow for the non-organizational data to persist (unmolested) when a remote-wiping context arises. This, in concert with a clearly worded policy, provides the employer with the protections it requires while not seeking to place any undue burden on the employee.


Please see the disclaimer associated with content published on (and associated with) this site.

Posted in CyberSecurity, Data Breach, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Privacy, Records Retention | Leave a Comment »

Enjoyed presenting to SCCE…

Posted by Johnny Lee on May 23, 2014



Another wonderful time presenting with the good folks at SCCE.  What I appreciate most about this group is their willingness to tailor an audience to the topic (and vice versa).  I’m impressed with their professionalism, and I hope that the attendees gained value from my commentary.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

Information Governance & eDiscovery: Flip Sides of the Same Coin…

Posted by Johnny Lee on January 7, 2014

78be66a8bffe4c4c85edf0b44a1f04e6[1]I’m excited to have been selected to present a keynote address at the upcoming AIIM Conference in April 2014.  As a furtherance to that invitation, I was asked a series of questions about my presentation.  As these were excellent questions, I thought I’d re-post them here, along with my answers to same.  I hope that you find these valuable.

Q: Briefly define information governance

A: I would define Information Governance as an enterprise-wide program that incorporates multiple organizational disciplines and that contemplates policies, procedures, processes, and controls designed and implemented to manage information at an enterprise level. Properly derived, Information Governance supports an organization’s immediate and long-term operational, regulatory, legal, and risk management requirements as they relate to the management of information.

Q: We keep reading about ediscovery and governance, who cares?

A: Organizations with a strategic view of these things recognize that Information Governance and eDiscovery are flip sides of the same coin. Simply put, the only way to diminish the significant risks attendant with eDiscovery is to go “upstream” of that triggering event, working to put in place the very policies, procedures, processes, and controls referenced above. The failure to “care” about this means that an organization will always venture into the eDiscovery game on a reactive (and thereby less effective) footing.

Q: Who SHOULD care? And Why?

A: Historically, the province of eDiscovery has been handled between an organization’s IT department and legal counsel. That said, as missteps in both eDiscovery and general data management practices carry increasingly severe penalties, creating proactive, long-term solutions is becoming the province of numerous groups across the enterprise — from the compliance and legal departments to the operational, financial, and executive branches as well (i.e., those with the best knowledge of the content being sought and analyzed).

Q: You mention an IT and legal disconnect in your description, how do you bridge that gap?

A: For the most part, the legal and IT camps have been separated by a common language. Many of the issues related to Infobesity (or the unnecessary storage of data that carries no operational value — and, worse, that carries significant risk) have arisen from the failure of these groups to communicate effectively about the long-term ramifications of maintaining the status quo. The only way to bridge this gap is for these two groups to meet in the middle, with each understanding the particular challenges the other is facing. This is not easy, but it is the only meaningful way that organizations can hope to reduce the digital haystacks before they are forced to sift through them in search of a few needles.

Q: What’s one key enabling tool for ediscovery and/or governance?

A: While we’re still many years away from any so-called magic bullet, there have been tremendous advances in technologies that can assist in these efforts. One of the most promising technological developments in recent years is the concept of predictive coding (or auto-classification) of large document sets. This technology holds a lot of promise for organizations looking for a cost-effective and defensible means to shrink their digital haystacks.

Q: One key best practice for ediscovery?

A: One of the most game-changing best practices in the eDiscovery space is good, old-fashioned project management. Proactive communication, scope-setting, and right-expertise-at-the-right time can make all the difference between a successful eDiscovery exercise and one that falters. This sounds simplistic, but many organizations still struggle to recognize this fundamental truth.


Please see the disclaimer associated with content published on (and associated with) this site.


Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

2013 in review

Posted by Johnny Lee on January 1, 2014

The stats team prepared a 2013 annual report for this blog.

Click here to see the complete report.


Please see the disclaimer associated with content published on (and associated with) this site.


Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Fraud, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Leave a Comment »

Upcoming AIIM Webinar on Information Governance…

Posted by Johnny Lee on September 2, 2012

ForensicUpdate editor will lead a presentation in late September on “Information Governance in our Social World.”  The webinar will be hosted by Autonomy and produced by AIIM.

The description for the webinar is as follows: “Information Governance is concerned with defining accountability for an organization’s information assets. If governance is implemented properly – that is, if there is GOOD governance – the organization’s information management should be compliant with any relevant legislation or regulations.

In addition to good governance, organizations need to be consistent with their departmental policies – the kinds of policies that are often sporadically enforced and/or are contradictory from one department to the next (i.e., HR or accounting retention or security policies that differ from IT’s practices).

Join this webinar to learn the latest on how Information Governance will address all the multi repository and social media interfaces that impact your organization’s policies — including those that attempt to govern behavior within your organization as well as those that affect your customers and other partners and providers. Learn tips on how to improve your information governance programs for better compliance, better processes, and better information management.”

Please see the disclaimer associated with content published on (and associated with) this site.


Posted in Data Governance, ECM, eDiscovery, Information Security, Litigation Hold, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

ForensicUpdate Editor to join panel on “Information Security, Access Control and Forensics”…

Posted by Johnny Lee on August 8, 2012

The Metro Atlanta Chapter of the Information Systems Security Association (ISSA)® will host a panel discussion on information security and related topics in late August 2012.  The meeting will be held on August 30, 2012 from 6:30 PM – 9:00 PM at One Concourse Pkwy NE, 5th floor, Atlanta, GA 30328.  Panelists include Andre Maxwell (Principal at Information Security Xperts, Inc.), Kevin Morgan (Global IT Audit Manager at InterContinental Hotels Group), and Johnny Lee (Forensic Investigator and ForensicUpdate editor).


Please join us for a lively discussion of trends, technologies, and lessons learned from practitioners wrestling with these issues on a daily basis.  Audience participation is both welcome and encouraged.  We hope to see you there!  Click here for details.

“The ISSA is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.  The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity, and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved. Members include practitioners at all levels of the security field in a broad range of industries such as communications, education, healthcare, manufacturing, financial, and government.”

Please see the disclaimer associated with content published on this site.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Litigation Hold, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

%d bloggers like this: