IT Security: The best practices to prepare for the worst
2.00 – 2.15pm | Sumac Room
People often yawn if you ever mention IT policies. And why shouldn’t they? Most policies are boring, often ignored and only meant to help firms pass client security audits, right? Wrong!
When well-written, your IT policies should form the basis for how your firm uses its information systems to interact with clients, employees and third-party contractors. They should be practical, understood by everyone in your organization and regularly reviewed. Good policies should have corresponding kinetic controls in the real world. Your firm’s policies should be designed to set the tone for your organization’s holistic approach to information governance. Let John Stambelos, founder of Stambelos Consulting (and former CIO for Munger, Tolles & Olson), take you on a 15-minute speed-dating tour of the process of constructing your firm’s comprehensive information security policies, including:
* Risk assessment
* Physical and environmental security
* Information security
* Identity and access management
* Incident event management
* Human resources
* Change and configuration management
* Security awareness training
* Vendor management
* Asset management
* Vulnerability and patch management, and
* Business continuity and disaster management
Learn more about best practices for IT security in John’s recent ALTA blog post.
John Stambelos was the IT manager for a large Chicago-based law firm for 11 years before becoming the IT director for one of the most well-regarded law firms in the country based in Los Angeles. John formed his own cybersecurity consultancy in 2018. John is also the Chief Information Security Officer for automated attorney timekeeping company Ping, based in San Francisco. Today, he helps clients ranging from Silicon Valley startups to some of the largest law firms in the world understand how best to invest resources in cybersecurity. Because it’s easy to get lost or overwhelmed, John helps clients understand how people, policy and technology must all fit together so their security program matches their capabilities.