Law firms need to pay particular attention to security. A breach is particularly embarrassing for a legal practice when it results from non-compliance with the firm's own security-related legal obligations.
Law firms should seek guidance from the British Standard for information security management, BS 7799, or the recently created International Standard, ISO 17799. These standards aim to simplify the management of security issues.
A simple security cycle that draws on elements from BS 7799 is proposed (see diagram):
• Promote security awareness. It is vital that the importance of maintaining information security is promoted and communicated to all users.
• Conduct a risk assessment. Identify your security requirements by assessing the risks. This requires looking at the whole organisation and not just technical issues.
• Develop an information security management system (ISMS). This requires defining an information security policy, the scope of the ISMS, the identification of information assets, the controls to manage risks and a statement of applicability.
• Conduct an IT Health Check. Identify any technical vulnerabilities on your networks and establish whether your systems have been securely installed, configured and maintained.
• Monitoring and compliance checking. Managing information security is an on-going concern. Technologies and legal and organisational requirements change. Regular reviews are essential to ensure security arrangements are up to date and adequate.
For the latest news on security, look at the following websites:

www.securityfocus.com