
Professional Monitor: In association with (ISC)2

With recession threatening more litigation and savvy judges hot on the trail of electronic data, security professionals and lawyers need to share their expertise.

While regulatory compliance drives much of what information security professionals do, they have not generally had to develop legal expertise. However, as IS management becomes data- rather than network-centric, this could be changing.

Mark Surguy, senior associate with lawyers Pinsent Masons, specialises in corporate cases, often with a fraud element. He has seen a growing overlap in required expertise between IS and his own professional domain. He believes organisations would benefit from collaborative professional development.

“In the past five years, it would have been impossible to do my job without some understanding of technology. I have had to develop an appreciation for the professional security perspective,” he explains. “If IS professionals and their legal teams were to talk more, they both would benefit. And they would drive needed data governance in a world where information crosses varied geographical regions and legal jurisdictions.”

He highlights two major differences between litigation today and during the last recession of the 1990s. Then, little evidence was held electronically, while today almost all evidence will be electronically stored; and judges are going to insist on access to the evidence quickly and at a proportionate cost.

While there is no UK system of punitive fines, when information is not produced, cases can be thrown out and organisations made to pay costs. Surguy says: “It is not sufficient to delegate these matters to the IT department, which knows nothing about litigation, or expect the legal department (which knows little about technology) to cope alone. A team approach is required.”

(ISC)2 European advisory board member Alessandro Moretti concurs: “The legal professional is in increasing demand, helping clarify what information needs to be controlled and what expectations the data owner and regulator may have. Legal guidance is needed to set adequate IS controls.”

“The great advantage of having so much electronically stored information is that it makes it easy to reconstruct the history of any case,” Surguy says. “But disorganised data storage, an absence of document-management policies and a high turnover of IT staff mean that many companies are sitting on a ticking bomb.”
