CSP and LegalTech in Leeds hosted an event on Thursday 9th February 2023. This event discussed ‘Data and Cyber Security’ to help the Legal sector be more aware, protected and secure.
Kevin Else LegalTech event Feb 2023
1. NIS-r effect on LegalTech
A brief guide to upcoming regulation changes and security standards.
By Kevin Else, Consultancy Director
Kevin.Else@csp.partners
2. Agenda
• Brief introduction to Cyber Security Partners
• NIS-r – What it is
• Other standards changing
• The need for standards
• Q/A
3. CSP
• Cyber Security Partners (CSP) was established in 2016 as a security consultancy helping clients in the rapidly growing interconnected world.
• Although based in Leeds, we operate across the UK.
• We have a 100% success rate at getting our clients accredited to either ISO27001/Cyber Essentials or Cyber Essentials+ and a 95% client retention rate.
• www.csp.partners for more information
4. NIS-r
• Network and Information Systems Regulation 2018:
  • a set of cyber security and resilience principles for securing essential services
  • a collection of supporting guidance
  • a Cyber Assessment Framework (CAF) incorporating indicators of good practice
• Legal is not a Critical Industry
• But Managed Service Providers will be in the next update
5. NIS-r
Not Achieved (at least one of the following statements is true):
• A particular product or service is seen as a "silver bullet" and vendor claims are taken at face value.
• Assurance methods are applied without appreciation of their strengths and limitations, such as the risks of penetration testing in operational environments.
• Assurance is assumed because there have been no known problems to date.
Achieved (all the following statements are true):
• You validate that the security measures in place to protect the networks and information systems are effective and remain effective for the lifetime over which they are needed.
• You understand the assurance methods available to you and choose appropriate methods to gain confidence in the security of essential functions.
• Your confidence in the security as it relates to your technology, people, and processes can be justified to, and verified by, a third party.
• Security deficiencies uncovered by assurance activities are assessed, prioritised and remedied when necessary in a timely and effective way.
• The methods used for assurance are reviewed to ensure they are working as intended and remain the most appropriate method to use.
6. Other standards changing
• Cyber Essentials – Update Due April 24th
• ISO27001/2 – Updated 2022
• PCI V4.0 – March 2022
• DORA – Implementation over the next 2 years (Finance)
• CSA STAR Cloud Controls Matrix V4 – (CCM V3.0.1 withdrawn 21st Jan 2023)
7. Why do you need standards?
• Contractual reasons
• Kudos
• Assurance/Governance
• Legislation