Joe Shepley discusses how important it is for InfoSec to get a handle on information in the organization to reduce risk.

1. Information Management, Data Theft,
and the Kill Chain
Joe Shepley, Doculabs

2. 2 Doculabs, Inc. 2017
Session Objectives
• Information security requires defending against what is often
the weakest link in the cyberattack kill chain at organizations:
data theft
• In this session, you'll learn how InfoSec can address the
information management risk posed by data theft and drive
value for the organization

3. 3 Doculabs, Inc. 2017
Why Information Management is Important to InfoSec
• The question of a breach isn’t if, it’s when
• When they get in, what will they find?
• When they find 5, 10, 15+ years of sensitive data that’s past it’s
legal and operational life, InfoSec is on the hook, not (typically)
records, legal, or IT
• InfoSec needs to address information management to reduce the
organization’s risk surface and do their job effectively

4. 4 Doculabs, Inc. 2017
The Kill Chain
Historically, data theft has been the weakest link in the Kill Chain,
and Chief Information Security Officers (CISOs) are now turning to
address it.
Research the
Organization
Introduce
Malware
Control
a Device
Find Other Devices
to Control
Stay or
Leave
Data
Theft
Find the Source
of the Data

5. 5 Doculabs, Inc. 2017
An Information Management Framework for InfoSec
Defensible Content
Disposition Playbook
Policy
Alignment
Procedure
Alignment
Content
Cleanup
Change
Management

6. 6 Doculabs, Inc. 2017
Policy Alignment
• You need to align your corporate policies with information
management good practices
• This alignment ensures that if you’re following the good
practices, you’re also following corporate policy
• The specifics will differ from organization to organization, but
there are some general areas that any policy alignment will
need to cover:
• Corporate records management policy must address both paper and
electronic records
• You need to address the security classification of data – e.g. public,
internal, confidential, highly confidential
• You need to address orphaned and abandoned data

7. 7 Doculabs, Inc. 2017
Procedure Alignment
• You need to align your disposition procedures with your policies
(and therefore your playbook)
• You need to provide detailed, step-by-step guidance for how to
disposition data – guidance which, if followed, makes it
reasonable for courts or regulatory bodies to assume that the
policies (and playbook) are also being followed
• You need to be granular – not content disposition, but rather a
series of linked procedures to guide your technical resources in
content disposition:
• E.g. file analytics procedure, disposition procedure, testing procedure,
remediation procedure, application decommissioning

8. 8 Doculabs, Inc. 2017
Defensible Content Disposition Playbook
• The primary concern in content disposition is getting it right
technically
• But the legal risks are more critical and potentially more
damaging
• You need a playbook to memorialize the requirements of the
disposition and the results
• You need to be able to defend what you did regarding content
disposition for the courts or regulators – 5, 10, or 15 years later

9. 9 Doculabs, Inc. 2017
Content Cleanup
• For some organizations, cleanup is a standalone effort to purge;
for others, it may be part of the preparations for a content
migration
• You need tools to help in the effort; it’s not reasonable to
expect end users to manually comb through their content to
purge junk or stale data, or to identify sensitive data that needs
to be protected

10. 10 Doculabs, Inc. 2017
Content Cleanup
• The results of your repository scan are likely to be something like the
following, which we’ve observed at dozens of clients over the last 10 years:
• Approximately 30 to 70 percent “junk” content, which can be removed
immediately
• Approximately 20 to 40 percent stale content (defined as older than 3 years, based
on date last accessed), which can be archived or purged, depending on your
approach
• An estimated 1 to 10 TB of stale sensitive content, which can be quarantined
immediately with no operational impact
• By classifying your content into these buckets and purging, archiving, etc.,
you’ll reduce your overall unstructured data footprint significantly (by
anywhere from 30 to 90 percent)
• Doing so reduces the overall risk posed by your unstructured data, because
you have less junk and stale data to distract you, as well as less sensitive
data to protect

11. 11 Doculabs, Inc. 2017
Change Management
Stakeholder Matrix
• Who are the key stakeholders that need to be informed of the change and
managed throughout your information management initiative?
Communications and Training Matrix
• What are the key communications and training events required for managing the
changes in information management?
• When do these communications and training events need to be delivered, and to
whom?
• What are the most appropriate vehicles for delivering communications and
training to your various stakeholders and user groups?
Communications and Training Schedule
• When do we need to execute the planned training and communications events?

12. 12 Doculabs, Inc. 2017
So Now What?
• Raise awareness in InfoSec about the importance of
information management
• Articulate the quick win efforts InfoSec can take to reduce junk
and stale data, identify sensitive data, and take preliminary
steps to protect it – which reduces their risk footprint and
shows progress to the C-level, the board, the courts, and
regulators

13. 13 Doculabs, Inc. 2017
Thank You
• Give me your card to get two Doculabs white papers on the
intersection of information management and InfoSec.
• Connect with me to continue the conversation:
• LinkedIn: https://www.linkedin.com/in/joeshepley/
• Twitter: @joeshepley
• Email: jshepley@doculabs.com
• Phone: 773.827.2945
I'd love to help you figure out how to partner effectively
with your information management team

14. Thank You
www.doculabs.comD C U L A B S
Joe Shepley
jshepley@docuabs.com
773.827.2945