(C)2012 The Lorenzi Group - All Rights
             Reserved
95,000
ISACA
               160 Countries
             C-Level Executives
            Auditors & Educators
        IT Professionals & Students

 Leading GLOBAL provider of education and
certificates for IT Assurance, Security, Risk &
                  Compliance
Set it and Forget it Security

          Is DEAD
YOUR
Time is NOW
Concepts of Security are Changing
The only thing you should be secure about is
           that nothing is secure

             Organized Crime
                Random
               Hacktivists
               Employees
Greatest Risk to Business?
• Employees, Contractors, Vendors &
  Partners

• Inside vs. Outside
• Don’t stop protecting outside…..
Here lies another
     big Co.

 Didn’t care about
security and always
    said “NO”.

 While fighting off
buying more A/V…

 Employees and
 Vendors stole its
     Money!
(C)2012 The Lorenzi Group - All Rights
             Reserved
(C)2012 The Lorenzi Group - All Rights
             Reserved
(C)2012 The Lorenzi Group - All Rights
             Reserved
Are DEAD


R.I.P.

(C)2012 The Lorenzi Group - All Rights
             Reserved
(C)2012 The Lorenzi Group - All Rights
             Reserved
COULD
     be
                                    NEXT…..
   (C)2012 The Lorenzi Group - All Rights
                Reserved
The Future of Data is…..
Disperse Accessibility
NOTE:
This is NOT the “cloud”, mobile devices, or partner networks….
(C)2012 The Lorenzi Group - All Rights
             Reserved
Mark Pincus

(C)2012 The Lorenzi Group - All Rights
             Reserved
ISACA – The Maine Event
Digital Forensics: Yesterday, Today, &
          the Next Frontier
           The Lorenzi Group
Digital Forensics & eDiscovery

• 2 Step Process
  – Capturing and preserving everything
  – Preparing the “Useful” information
SMILE!
                     Digital Forensics
           Digital Forensics                 Using a 35mm Camera
Create a Forensic Image (Preserve Data)          Take a Picture
      Restore the Forensic Image                Develop the Film
       Analyze the Information            Choose the Pictures you want
   Report (and Testify) as necessary           Build a Scrapbook
E-Z eDiscovery

1. Convert paper to electronic images
2. Combine images with Digital Forensics
   results
3. Filter out Unnecessary Info
4. Review Results
5. Submit
Litigation Hold
                   Legal Notice

Starts the moment litigation becomes reasonably
                    possible

Requires parties to preserve all potential evidence

   Failure to abide could bring sanctions, fines,
       dismissal of case, & criminal charges
SPOLIATION
• The alteration and/or destruction of data

• Examples:
  – Resending an email
  – Opening a Word document
  – Deleting a picture
  – Turning on a computer
In the Beginning…….
• Digital Forensics was about DATA

• Mainly, RECOVERING data

                  Limited Use
               Limited Exposure
                  Limited Risk

                (C)2012 The Lorenzi Group - All Rights
                             Reserved
4 Step Process

       Preserve
       Restore
       Analyze
      Testimony



                                NOTE: This IS all or NOTHING.

 (C)2012 The Lorenzi Group - All Rights
              Reserved
Today it’s……..
• eDiscovery is about CYA

• Mainly, making sure only SOME documents go

                Expanded Use
             Exponential Exposure
               Exponential Risk

                (C)2012 The Lorenzi Group - All Rights
                             Reserved
eDiscovery Steps

           Input
          Review
            Cull
          Review
          Approve
          Deliver

   (C)2012 The Lorenzi Group - All Rights
                Reserved
The Future…..
• Data Security is about protecting data FIRST

• Digital Forensics is critical
• eDiscovery is limited (b/c you KNOW)

       Unlimited Use (Work/Life is gone)
               Limited Exposure
                 Limited Risk
              (C)2012 The Lorenzi Group - All Rights
                           Reserved
Security Analytics
The analysis of device and user generated data
to understand patterns, usage, and anomalies.

      Provides hard and soft results on:
                          Security
                        Compliance
                        Productivity


                (C)2012 The Lorenzi Group - All Rights
                             Reserved
User/Device Monitoring
• Improves Data Security Exponentially
    – Mistakes
    – Desperate
    – Criminal
• Makes Compliance Easier
• Can provide Productivity metrics
    –   Termination Justification
    –   Training Needs
    –   Resource Allocation
    –   Cost Saving Opportunities

Examples:
Lockheed, Fidelity, USPS, Kaiser Permanente (many others)
FCPA & UKBA2010
              Your BEST Friend
      Your CLIENTS WORST Nightmare

The tentacles of Govt regulation are spreading

           Are YOUR clients ready?
               Are YOU ready?
Stored Communications Act
           Who Owns the DATA?

Accessing personal emails and texts – Illegal

              Unless…
Company owns the device (looking locally)
   Company pays for device service

                  BYOD?
BYOD
• Stored Communications Act

• Employee Owned/Company Paid

• Company Owned
ADA
EU says web surfing is an addiction

     What does the US say?

           REALLY????
If the data is protected FIRST…

                eDiscovery is EASY
  Digital Forensics (your analysis) is INSTANT
    The money shifts from THERE to HERE
 Data, Clients, & Organizations are PROTECTED

NEED to promote the value of Compliance Audits



                (C)2012 The Lorenzi Group - All Rights
                             Reserved
OUR Future?

                       Tech

    Writer                             Speaker




Psych
             HERE                                Legal



   Project
                                         Logic
   Manager
                       Stats



        (C)2012 The Lorenzi Group - All Rights
                     Reserved
Final Thoughts
               Social Media is good for business

             Acceptable Use Policies are required

                     BYOD isn’t necessary

          Ongoing Training & Reminders are critical

The future of Digital Forensics is protecting is before it’s lost!

           Who will ensure data is protected? YOU
Robert Fitzgerald
  The Lorenzi Group
  866-632-9880 x123
www.thelorenzigroup.com




     (C)2012 The Lorenzi Group - All Rights
                  Reserved

Digital Forensics: Yesterday, Today, and the Next Frontier

  • 1.
    (C)2012 The LorenziGroup - All Rights Reserved
  • 2.
  • 3.
    ISACA 160 Countries C-Level Executives Auditors & Educators IT Professionals & Students Leading GLOBAL provider of education and certificates for IT Assurance, Security, Risk & Compliance
  • 4.
    Set it andForget it Security Is DEAD
  • 5.
  • 6.
    Concepts of Securityare Changing The only thing you should be secure about is that nothing is secure Organized Crime Random Hacktivists Employees
  • 7.
    Greatest Risk toBusiness? • Employees, Contractors, Vendors & Partners • Inside vs. Outside • Don’t stop protecting outside…..
  • 8.
    Here lies another big Co. Didn’t care about security and always said “NO”. While fighting off buying more A/V… Employees and Vendors stole its Money!
  • 9.
    (C)2012 The LorenziGroup - All Rights Reserved
  • 10.
    (C)2012 The LorenziGroup - All Rights Reserved
  • 11.
    (C)2012 The LorenziGroup - All Rights Reserved
  • 12.
    Are DEAD R.I.P. (C)2012 TheLorenzi Group - All Rights Reserved
  • 13.
    (C)2012 The LorenziGroup - All Rights Reserved
  • 14.
    COULD be NEXT….. (C)2012 The Lorenzi Group - All Rights Reserved
  • 15.
    The Future ofData is…..
  • 16.
    Disperse Accessibility NOTE: This isNOT the “cloud”, mobile devices, or partner networks….
  • 17.
    (C)2012 The LorenziGroup - All Rights Reserved
  • 18.
    Mark Pincus (C)2012 TheLorenzi Group - All Rights Reserved
  • 19.
    ISACA – TheMaine Event Digital Forensics: Yesterday, Today, & the Next Frontier The Lorenzi Group
  • 20.
    Digital Forensics &eDiscovery • 2 Step Process – Capturing and preserving everything – Preparing the “Useful” information
  • 21.
    SMILE! Digital Forensics Digital Forensics Using a 35mm Camera Create a Forensic Image (Preserve Data) Take a Picture Restore the Forensic Image Develop the Film Analyze the Information Choose the Pictures you want Report (and Testify) as necessary Build a Scrapbook
  • 22.
    E-Z eDiscovery 1. Convertpaper to electronic images 2. Combine images with Digital Forensics results 3. Filter out Unnecessary Info 4. Review Results 5. Submit
  • 23.
    Litigation Hold Legal Notice Starts the moment litigation becomes reasonably possible Requires parties to preserve all potential evidence Failure to abide could bring sanctions, fines, dismissal of case, & criminal charges
  • 24.
    SPOLIATION • The alterationand/or destruction of data • Examples: – Resending an email – Opening a Word document – Deleting a picture – Turning on a computer
  • 25.
    In the Beginning……. •Digital Forensics was about DATA • Mainly, RECOVERING data Limited Use Limited Exposure Limited Risk (C)2012 The Lorenzi Group - All Rights Reserved
  • 26.
    4 Step Process Preserve Restore Analyze Testimony NOTE: This IS all or NOTHING. (C)2012 The Lorenzi Group - All Rights Reserved
  • 27.
    Today it’s…….. • eDiscoveryis about CYA • Mainly, making sure only SOME documents go Expanded Use Exponential Exposure Exponential Risk (C)2012 The Lorenzi Group - All Rights Reserved
  • 28.
    eDiscovery Steps Input Review Cull Review Approve Deliver (C)2012 The Lorenzi Group - All Rights Reserved
  • 29.
    The Future….. • DataSecurity is about protecting data FIRST • Digital Forensics is critical • eDiscovery is limited (b/c you KNOW) Unlimited Use (Work/Life is gone) Limited Exposure Limited Risk (C)2012 The Lorenzi Group - All Rights Reserved
  • 30.
    Security Analytics The analysisof device and user generated data to understand patterns, usage, and anomalies. Provides hard and soft results on: Security Compliance Productivity (C)2012 The Lorenzi Group - All Rights Reserved
  • 31.
    User/Device Monitoring • ImprovesData Security Exponentially – Mistakes – Desperate – Criminal • Makes Compliance Easier • Can provide Productivity metrics – Termination Justification – Training Needs – Resource Allocation – Cost Saving Opportunities Examples: Lockheed, Fidelity, USPS, Kaiser Permanente (many others)
  • 32.
    FCPA & UKBA2010 Your BEST Friend Your CLIENTS WORST Nightmare The tentacles of Govt regulation are spreading Are YOUR clients ready? Are YOU ready?
  • 33.
    Stored Communications Act Who Owns the DATA? Accessing personal emails and texts – Illegal Unless… Company owns the device (looking locally) Company pays for device service BYOD?
  • 34.
    BYOD • Stored CommunicationsAct • Employee Owned/Company Paid • Company Owned
  • 35.
    ADA EU says websurfing is an addiction What does the US say? REALLY????
  • 36.
    If the datais protected FIRST… eDiscovery is EASY Digital Forensics (your analysis) is INSTANT The money shifts from THERE to HERE Data, Clients, & Organizations are PROTECTED NEED to promote the value of Compliance Audits (C)2012 The Lorenzi Group - All Rights Reserved
  • 37.
    OUR Future? Tech Writer Speaker Psych HERE Legal Project Logic Manager Stats (C)2012 The Lorenzi Group - All Rights Reserved
  • 38.
    Final Thoughts Social Media is good for business Acceptable Use Policies are required BYOD isn’t necessary Ongoing Training & Reminders are critical The future of Digital Forensics is protecting is before it’s lost! Who will ensure data is protected? YOU
  • 39.
    Robert Fitzgerald The Lorenzi Group 866-632-9880 x123 www.thelorenzigroup.com (C)2012 The Lorenzi Group - All Rights Reserved