This document discusses a new approach to data leakage investigations and security called Catelas. Catelas uses behavioral science algorithms and social network analysis of log file data to map employee relationships and identify anomalous behavior, allowing proactive surveillance of the entire email network. This helps speed up internal investigations by identifying key suspects and custodians before collection begins. The approach aims to detect and contain information theft without collecting any emails. Catelas provides a single, holistic solution for security, compliance, and legal needs through intelligent collection and early case assessment.
Internal Investigations and Employee Privacy Dan Michaluk
A presentation to fraud investigators on managing privacy issues in investigations. Focus is on bridging the divide between legal and privacy officers and investigators.
With 100s of terabytes of email, file shares and other applications, corporations face the potential loss of critical intellectual property, trade secrets and confidential information when outsourcing identification, collection, culling, early case assessment and first pass review. Outsourcing all is no longer an option from both a cost and risk perspective. In this session, attendees will learn the types of ESI that must be produced for discovery, as well as how in-house eDiscovery practices can reduce collection and review costs, and minimize information leakage.
This may feel like a long way off but the obligations on businesses are onerous and the time to prepare is now. The hefty fines that GDPR promises will come into force immediately so businesses are being given plenty of warning to put procedures in place to ensure they are compliant with the regulation. Read this essential guide to getting GDPR ready.
Hacker Defense: How to Make Your Law Firm a Harder Target LexisNexis
It is up to law firms to protect both themselves and their clients with security measures that keep up with increasing risk. The firm can’t risk losing the trust of its clients. Here are some important ways that individual lawyers, and their firms, can improve the security of the information entrusted to them.
Law firms need to stay sharp because corporate security is getting harder, not easier. At the same time, companies are starting to recognize that information security is a fundamental business issue—one that demands an increased focus on cyber resilience, not just security. The reason is simple: criminals and state-sponsored attackers are targeting intellectual property, customer information, and avenues for business disruption. That makes law firms an ideal target.
To learn how you can locate and get a more complete picture of people and businesses across the U.S., visit http://www.lexisnexis.com/publicrecords.
For more topics that are transforming the legal industry,
visit http://www.thisisreallaw.com.
Workplace Privacy and Employee Monitoring: Laws and Methods cmilliken09
As a final business project we were instructed to develop a business document with research and documentation on a subject dealing with business law. I chose to create a document about workplace privacy because it was an interesting topic to me. Understanding these laws and methods after writing this paper allowed me to fully understand the rights and actions that an employee/employer is liable for.
Information Technology Policy for Corporates - Need of the Hour Vijay Dalmia
Information Technology Policy for Corporates is the need of the hour as organisations are continuously at stake for violation of information technology laws, commission of cyber crimes, sexual harassment, e-mail violations, and misuse of internet and intranet.
The Diamond Datascram Diaries: Diamond Datascram Development Polsinelli PC
Our 2017 Labor and Employment Webinar Series will track the challenges that employers face through the highs and lows of the business cycle that can drive and ultimately determine a company’s success. Stages in this cycle can include company formation, growth through new investments or strategic alliances, and workforce restructuring due to changing economic conditions.
At each stage, there are discrete labor and employment issues that must be understood and addressed, which exist alongside complicating factors such as changing technologies, regulatory oversight and best practices for a compliant workforce. Polsinelli’s Labor and Employment attorneys will be joined by colleagues from practices across the firm (including Intellectual Property, White Collar, and Employee Benefits) to provide a comprehensive review of these issues.
In this series, we will follow the rise and fall of the innovative but fictional Diamond Datascram Inc. during the four main phases of the business cycle:
1. Formation: Diamond Datascram Development
2. Peak: Diamond Datascram Dominance
3. Contraction: Diamond Datascram Decline
4. Trough: Diamond Datascram Decimated
Cybersecurity & Data Protection: Thinking About Risk & Compliance Shawn Tuma
Cybersecurity & Data Protection: Thinking About Risk & Compliance is a presentation that Frisco business lawyer Shawn Tuma delivered to the Corporate Counsel Section of the Collin County Bar Association. The presentation date was May 29, 2015.
Learning to Thrive as a Tech-Savvy Lawyer by Nehal Madhani Nehal Madhani
Nehal Madhani, attorney and now CEO of Alt Legal, discusses technologies that lawyers can use to make their practices simpler, more efficient, and more profitable.
A data breach is a traumatizing event, regardless of how it occurs, and this has been a particularly active summer for thieves and scammers. In the past 12 months, Oregon lawyers have reported home and office break-ins, stolen laptops and mobile devices, and malware security intrusions. If you experience a data breach, here are the key steps you must take.
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or... Winston & Strawn LLP
Winston's Global Privacy & Data Security Task Force presented an interactive webinar focused on some of the practical ways to prevent theft of key information, investigation tips, and strategies to defend against the use of that information after a theft.
Presentation I gave at the Business Fundamentals Bootcamp (March 25, 2011) hosted by Supporting Strategies and Acceleration Partners at the Cambridge Innovation Center.
Where security and privacy meet partnering tips for CSOs and privacy/complian... Compliancy Group
This webinar will identify challenges in both the privacy and security offices, explain the necessities of working together, and identify mutual goals, both within their departments and in the context of the rest of the business. It will include solutions and suggestions for working together and case studies/examples showing common mistakes as well as success stories of privacy and IT offices working together.
Panelists:
Gant Redmon, General Counsel and VP of Business Development, Co3 Systems
Data Synergy - Scaling Information Businesses Mark Davis
This presentation is designed to help you: 1) understand what makes IT companies scalable, 2) find ways to scale your business idea, 3) identify the right financing strategy.
Sapient Catelas The New Regulatory Paradigm Eddie Cogan
The passing of the Dodd–Frank Wall Street Reform & Consumer Protection Act will lead to new rules that will increase the burden and cost of compliance.
Communication networks are a proxy for the relationships, interactivity and information flow that underpin how commerce is transacted. Catelas is the first solution to provide true transparency into how an organization lives and breathes, allowing compliance officers to monitor behavior, data flow, and relationships inside and outside the company without collecting a single email.
An hour long presentation on "hot topics" for Canadian employers. Deals with business system monitoring, employee responsibility for "off duty" publication and background checks.
1. Reply to Discussion ( Minimum 200 Words)1. What types of et.docx ambersalomon88660
1. Reply to Discussion ( Minimum 200 Words)
1. What types of ethical issues and information security issues are common in organizations?
Ethical issues that companies are faced with is ensuring the proper use of the employee, user, and technological data that the company has in their possession. Some organizations have been known in the past to sell the data that the users provide them. This could be an ethical issue by selling the data that is trusted to the organization this falls under the ethical issue of confidentiality. Privacy is the issue of ensuring that the data is secured against attacks and hacker trying to obtain the data. Security issues include the organization developing policies and procedures that ensure the proper use and protection of the data the company has. To develop the policies and procedures a company can have their team look at the OWASP top ten on the OWASP website. (OWASP, 2017) This shows the top rated security issues that the company can employ to ensure the security of their data.
2. How can a company participating in e-business keep its information secure?
A company can ensure that they are adhering to the OWASP TOP ten along with making sure that the work stations and servers are up to date with all current patches and anti-virus software.
3. In regards to the organization or company you have chosen to analyze this semester, what types of ethics and information security concerns are there in your organization? What recommendations would you make to the company to better secure their information?
When it comes to recruiting service the data that we need to protect is extremely important we take care of a significant portion of the PII data. Ethical issues that come to though are how the government uses the data which could be used for personal gain or malicious purposes when it comes to the applicant. I think that giving the applicant the power to put their own information into a secure web site and then be allowed to transmit their own information for security clearance would allow the applicant and the air force to take the human element middle man out of the equation and can help mitigate the ethical issues that the organization is faced with.
Digital Forensics 101 – How is it used to protect an Organization’s Data? PECB
Digital forensics is the use of analytical and investigative techniques to identify, collect, examine and report on digital evidence or information. Digital evidence can provide valuable insights during investigations of theft of intellectual property involving multi-party collusion and the misappropriation of organizational assets and resources.
During this session participants will learn various methods of mitigating the “insider threats” to an organization’s digital data and methods of investigating digital evidence contained on computer and mobile systems during internal investigations.
Main points covered:
• Learn how to mitigate and investigate the theft of Intellectual Property from your company by adding digital forensic components into your Risk Management and Compliance programs.
• Learn and understand how Digital Forensics can augment your internal investigations.
• Learn where you and your organization fit into the Digital Forensic workflow, and when to call for help.
Presenter:
Our presenter for this webinar, Ryan Duquette is a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He took his zest for “focusing on the facts” from his days in Law Enforcement and founded Hexigent Consulting, a firm focusing on digital investigations, cyber security consulting services and litigation support.
Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches. During his days in Law Enforcement, he conducted digital investigations on a variety of criminal cases including homicide, child pornography, fraud, missing persons, and sexual assault cases.
He is a Sessional Lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications.
Ryan is a Director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.
Understand Risk in Communications and Data Breach Jon Gatrell
Secure communications whether you are sending a confidential message or a file with sensitive or proprietary information is necessary for users. IT needs to ensure that confidential business information is safe from data breaches and the negative effects a breach can have on your business’s reputation. Additionally, most businesses must comply with federal and industry regulations. You must maintain compliance with all mandates whether corporate, federal or industry-specific.
Micheal Green - JustTech
Mary O'Shaughnessy - Her Justice
Sart Rowe - LSNTAP
In this webinar we look at what phishing is, how it impacts legal aid organizations, and how to take steps to reduce the likelihood and impact of getting hit with an attack.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta... Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
Network Security - What Every Business Needs to Know mapletronics
"There are two kinds of big companies in the United States. There are those who've been hacked and those who don't know they've been hacked." FBI Director James Comey
Cyber security can feel overwhelming, and the items this slide deck covers will inform you on how to better prepare your business.
1) Why would a hacker target your business
2) What data should you protect
3) Avoiding security negligence
4) What can you do to protect your company
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Poss... Case IQ
Electronic Eavesdropping in the Workplace: Can We? Should We? What Could Possibly Go Wrong?
Electronic surveillance is becoming more prevalent in the workplace but there are issues, both legal and logistical, that need to be considered. There are pros and cons. It is a great tool to monitor employees but employers need to consider whether it will impair trust, injure relationships or send a negative message to the workforce.
Join Timothy Dimoff, security expert and president of SACS Consulting, as he discusses the pros and cons of electronic surveillance.
Logs & The Law: What is Admissible in Court? loglogic
What is the role of Log Data in legal cases, such as a database security breach? Learn how logs are used, best legal practices, logs as evidence, and what architecture and solutions can help.
With the possibility of a security incident or breach, immediate decision making is required. It's imperative that organizations immediately kick off their IR Plan and bring all functions together.
The Incident Response Decision Tree can help you build your IR Plan or ensure that you have all decision makers ready.
Time is of the essence in an incident or breach. OpenText Risk & Compliance Advisory and DFIR Teams are available to help organizations in their response. For more information on OpenText Security Consulting, visit: https://www.opentext.com/services/security
The Inside Job: Detecting, Preventing and Investigating Data Theft Case IQ
Companies have enough to worry about from outsiders when it comes to cybersecurity. From stealthy hackers infiltrating their networks to criminal cyber-gangs stealing their data and government surveillance of their systems, security teams must be on their toes at all times. But the insider threat can be just as dangerous and sometimes harder to detect.
According to the 2015 Insider Threat Spotlight Report, 62 per cent of security professionals are seeing a rise in insider attacks. While many of these are malicious attacks, they can also be unintentional breaches. The consequences, no matter the motivation, can be equally devastating.
10. Security investigations, by nature, are reactive. Detect & contain information theft without collecting a single email. * Ponemon Institute - 78% of US companies have suffered unreported insider breaches; 59% of departing employees steal company information.
17. Process is iterative – re-collection is inevitable. Reactive & iterative. Labor & cost intensive.
18. Insider Theft. Trade Secrets – departing employee. UBS Accuses Three Quant Traders Of Stealing Its Source Code: “UBS has filed a lawsuit against three quant former employees alleging that they stole proprietary trading software with the intent of using it at their new employer, Jefferies & Company.” The three were also accused of starting their new jobs at Jefferies & Co while still employed at UBS. Uncover IP theft in minutes - without collecting email. Early detection = containment!
19. Litigation Investigations. Early Case Analytics. Internal Investigations. Example: M&A press leak. Who inside the company leaked information to the press [shaded grey]? Some individuals are authorized to speak to the press. Some are not! F Keavey, who works in R&D, should not be communicating with John Edmiston. Quickly establish who to investigate and tag suspicious emails.
20. Kick-backs - FCPA. SEC fines GE $23M for FCPA violations. General Electric Company, whose compliance program is among the most respected and admired in the world, has settled civil violations of the Foreign Corrupt Practices Act with the SEC. The company agreed to pay $23.4 million to resolve claims of kick-backs to Iraqi government officials for lucrative supply contracts by four GE subsidiaries paid under the United Nation's oil-for-food program. Quickly assess the severity of the investigation. Co-operate with authorities. Negotiate early. Early resolution = reduced fine and less PR exposure.
21.
22. Automated anomalous Behavior reporting: identify high-risk relationships and define policy before incidents occur
KEY POINTS
Quickly highlight the relationships that matter, saving time and enabling a risk assessment to be made earlier in the cycle. By knowing who and what to investigate EARLY, our clients save an enormous amount of time and money downstream in the EDRM process.
EXAMPLE – JP Morgan: always-on log file analysis, 250,000 employees. Identify custodians; dramatically reduced the number of PSTs, and hence emails, that need to be collected, preserved and analyzed.
Early Case Analysis and Assessment: how can you make a real assessment when you may not have all the right people and custodians, or have the wrong data? The other methods just tell you that their technology filters data sets down by 95% based on keywords etc., but that is still looking at the data. One way the Catelas technology is being used for eDiscovery cases is to analyze log files from Exchange and other systems even before collecting any emails. The value comes from being able to make sure you have all the right suspects, custodians etc. up front, the first time. This allows functions such as Legal, Compliance, Risk and Information Security to understand who knows whom and how well, gives them a chance to uncover non-obvious relationships BEFORE a single email is ever collected, and gives them a better handle on what data really needs to be collected. With normal methods of looking at content, there may be too many emails to look at, so some just look at a snapshot, which still depends on your keywords or how good your search is. That all changes with Catelas, because you can analyze log files (20GB may = 10-15 MM emails), and Catelas is the only one doing that today. Avoid over-collection and spoliation; preserve the right content by uncovering non-obvious relationships and activity.
UBS loses trade secrets theft case
Feb 22 2010
The US Financial Industry Regulatory Authority (FINRA) has ruled against UBS in its allegations that three of its former employees stole an algorithmic trading code used by the bank. The arbitration case found in favor of the three employees – Jatin Suryawanshi, Partha Sarkar, and Sanjay Girdhar. According to the UBS complaint, they were accused of misappropriating trade secrets, breach of contract, breach of fiduciary duty, unfair competition and “other wrongdoing” while they were employed by UBS Securities. They were accused of obtaining proprietary company information – in this case the source code for UBS’s algorithmic trading programmes. They were then planning to give the source code to their new employees at investment bank Jefferies & Co, according to the report which appeared in Securities Industry News. Reports said that Sarkar had allegedly copied 25,000 lines of computer source code from UBS computers. This was roughly equal to the length of one algorithm, or parts of several. He then allegedly emailed this code to his personal email account. Suryawanshi was also accused of attempting to hide his colleague’s theft by deleting the records from a UBS computer. The three were also accused of starting their new jobs at Jefferies & Co while still employed at UBS. Suryawanshi was accused of a breach of fiduciary duties by poaching the other two programmers to work for other investment bank. The three former UBS employees had denied the charges.
The Catelas Platform is based on our UNIQUE combination of sciences: Behavioural Analysis, Social Network Analysis, and Data Analytics. We analyze communications data including e-mail, IM and telephony. For webmail and external IM we would take a feed from the firewall. Our advanced network & relationship analysis algorithms allow networks to be analyzed quickly. Within hours, Catelas identifies both the internal and external people who should be investigated, before all the email content is analyzed and reviewed. For example, Catelas was deployed in 2 days into one of the largest financial services companies, with 40 Exchange servers and 12 million emails per week, with no disruption to existing systems such as Microsoft Exchange. The strength of a relationship is not solely influenced by the raw number of communications but rather by the patterns within the interactions between two people. For example, during a shared experience, such as working on a project together, the relationship between 2 people will become stronger faster. This is represented by a burst of interactions. We analyse these bursts and other patterns to determine the strength of a relationship.
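A sketch of the burst idea in the notes above, scored from message-tracking metadata only (timestamp, sender, recipient) with no email content; this is an added example, not Catelas code or its algorithm. The scoring rule, the four-hour burst gap, the authorized-sender list and every address in the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of message-tracking metadata: timestamp,sender,recipient.
# No subjects or bodies are needed. All addresses are made up.
SAMPLE_LOG = """\
2010-03-01T09:00:00,alice@corp.example,bob@corp.example
2010-03-08T09:00:00,bob@corp.example,alice@corp.example
2010-03-15T09:00:00,alice@corp.example,bob@corp.example
2010-03-22T09:00:00,alice@corp.example,bob@corp.example
2010-03-29T09:00:00,bob@corp.example,alice@corp.example
2010-04-05T09:00:00,alice@corp.example,bob@corp.example
2010-03-10T18:00:00,carol@corp.example,reporter@news.example
2010-03-10T18:20:00,reporter@news.example,carol@corp.example
2010-03-10T19:05:00,carol@corp.example,reporter@news.example
2010-03-10T20:30:00,reporter@news.example,carol@corp.example
2010-03-10T21:10:00,carol@corp.example,reporter@news.example
2010-03-02T10:00:00,pr@corp.example,reporter@news.example
2010-03-02T11:00:00,reporter@news.example,pr@corp.example
2010-03-16T10:00:00,pr@corp.example,reporter@news.example
2010-03-12T14:00:00,dave@corp.example,vendor@supplier.example
"""

BURST_GAP = timedelta(hours=4)             # assumption: longer gaps end a burst
INTERNAL_DOMAIN = "corp.example"           # assumption: the organisation's domain
AUTHORIZED_EXTERNAL = {"pr@corp.example"}  # assumption: staff cleared for press contact


def parse_log(text):
    """Parse 'timestamp,sender,recipient' lines; skip malformed ones."""
    records = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue
        try:
            ts = datetime.fromisoformat(fields[0])
        except ValueError:
            continue
        records.append((ts, fields[1].lower(), fields[2].lower()))
    return sorted(records)


def relationship_strength(records, gap=BURST_GAP):
    """Return {pair: (raw_count, burst_score)} for each undirected pair.

    The n-th consecutive message inside a burst contributes n, so a tight
    exchange outweighs the same number of messages spread over weeks.
    """
    by_pair = defaultdict(list)
    for ts, sender, rcpt in records:
        if sender != rcpt:
            by_pair[frozenset((sender, rcpt))].append(ts)
    strengths = {}
    for pair, stamps in by_pair.items():
        stamps.sort()
        score, run, prev = 0, 0, None
        for ts in stamps:
            run = run + 1 if prev is not None and ts - prev <= gap else 1
            score += run
            prev = ts
        strengths[pair] = (len(stamps), score)
    return strengths


def unauthorized_external(strengths, min_score):
    """List internal-to-external pairs at or above min_score whose internal
    party is not on the authorized list, strongest first."""
    suffix = "@" + INTERNAL_DOMAIN
    flagged = []
    for pair, (count, score) in strengths.items():
        internal = [a for a in pair if a.endswith(suffix)]
        external = [a for a in pair if not a.endswith(suffix)]
        if len(internal) == 1 and len(external) == 1 \
                and internal[0] not in AUTHORIZED_EXTERNAL and score >= min_score:
            flagged.append((internal[0], external[0], count, score))
    return sorted(flagged, key=lambda row: -row[3])


if __name__ == "__main__":
    scores = relationship_strength(parse_log(SAMPLE_LOG))
    for row in unauthorized_external(scores, min_score=5):
        print(row)
```

In the constructed sample, the weekly alice/bob exchange has more messages than the carol/reporter exchange but a lower burst score, which is the distinction the notes draw between raw volume and interaction pattern.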