On Demand
Audio
Ethical Risks & the Human Element of Information Security: Insiders and Social Engineering
Produced on August 28, 2017
Course Information
Course Description
Cyber security is often viewed as a technological field. Despite this, study after study has found that criminal hackers’ often low-tech “social engineering” attacks, malicious insiders, and even simple human error are the initial cause of the majority of data breaches and other security incidents. How do these attacks work? And what can you do to safeguard your clients and your practice?
Attorneys can also be held responsible for security incidents as a result of 2012 amendments to the American Bar Association’s Model Rules of Professional Conduct. These changes address the increasing use of technology in legal practice and the ongoing need to safeguard client and firm data.
Attorney and information security consultant Scott Aurnou will discuss the amended Rules and the basic steps needed to comply with them, including measures to secure confidential client and e-discovery information. He will provide a background of how electronic data and system access can be at risk from both external and internal attacks (as well as mistakes), outline methods used by attackers, and highlight key steps needed to mitigate risks facing law firms and organizations of all sizes.
Learning Objectives:
- Learn about ethical obligations under the ABA Model Rules pertaining to attorney competence, technology, and behavior-based security issues
- Identify and understand social engineering techniques
- Understand the types of human error that can place an organization at risk
- Examine the risk presented by malicious insiders
-
Understand effective measures that can be taken to mitigate the effect of human error, insider, and social engineering attacks
Credit Information
Faculty
Scott Aurnou
The Security Advocate
Scott Aurnou, Esq., CISSP is an attorney and founder of The Security Advocate, which helps organizations with information security and data privacy issues. This includes privacy and security awareness training, security consulting, compliance with cyber security and privacy laws and related legal concerns.
Scott spent over a decade as a litigation attorney in the NYC area, and served as lead counsel for a private client services group at Smith Barney. He uses his legal, security, and business background to make complex information security concepts easy to understand (and even entertaining on occasion) for non-technical audiences. He has published security related articles in national publications ranging from the New York Law Journal to SC Magazine. In addition, he has created and delivered numerous presentations on information security and data privacy issues for executives, managers, and professionals.
Scott is a Certified Information Systems Security Professional (CISSP), Certified Information Privacy Technologist (CIPT), Certified Information Privacy Professional (CIPP/US) and a Fellow of Information Privacy (FIP). He is admitted to practice law in New York, Colorado, the U.S. District Courts for the Eastern and Southern Districts of New York; as well as the U.S. Court of Appeals for the Second Circuit. He is also the author of the Introduction to Information Security LiveLessons video training series for Pearson Publishing.
Reviews
Very interesting and informative
this course was packed with extremely useful information.
Very clear examples
Excellent presentation.
Very helpful! Thank you!!
Extremely informative and the presenter explained the subject matter in an understandable way. Very much worth the time!
More excellent and practical information. Brilliant speaker.
Very impressive speaker who takes his audience with him every step of the way. His materials are very helpful. Definitely recommend.
great class
Excellent & informative.
Lots of great information packed in here
Excellent!
I've been in the security game for quite a few years. Nevertheless Scott's presentation pointed me to a number of resources I was not aware of before.
Excellent
Very relevant program.
Speaker was very knowledgeable and did a great job communicating a huge amount of information.
Excellent presenter. Could have listened for a couple hours more.
Excellent class.
Very timely and great explanations of some complex issues!
Outstanding block of instruction!
This was the best CLE I ever attended
Great course!
Good stuff here. I have worked or talked to folks who worked a couple of these cases and he got the details right.
Great presenter, useful information.
Materials and Presenter were outstanding!
Presenter very professional and expert in his field
I want to download this program to show my non-attorney friends. This speaker is great. I want to see his other programs (he mentioned a 4 hour one). Makes a very dry subject interesting, he is personable, he is one of the best instructors i have ever seen. EXCELLENT!
Probably;y best so far - substantive, pertinent, relevant and pragmatic for the not IT tech person.
Interesting. We have an IT department, but it was interesting nonetheless.
Very interesting!
Succinct. Enjoyable speaker. Thank you for a great survey.
Awesome speaker and information!!
thank you
Great presenter. Every one of his CLEs is helpful and interesting.
Excellent presenter!
Very informative presentation with entertaining examples - would recommend!
Best CLE I've ever watched. Excellent work.
Excellent and very interesting presentation. Very dynamic and comprehensive presentation in a relatively brief amount of time. Great overview education for older attoney who is nominally tech savvy and needed comprehensive approach to cyber security problems and solution considerations.
Incredibly knowledgeable
Excellent program.
Great updates and best practices for all practices
Good course!
Very informative course.
Excellent course and outstanding presenter.
Great!!
good dynamic speaker, good command of topic and explained it in understandable terms
This is one of the best courses on Lawline I have seen. I highly recommend attorneys watch this.
SPECTACULAR! Great presentation, nice to see presenter stand, great explanations of technical terms, engaging speaker.
Very helpful!
Interesting topic and presenter made it very approachable.
Great speaker and subject matter very informative and helpful
good speaker
awesome
Excellent content. Thank you.
Useful information
Many useful insights.
Clear and easy to understand.
Lecturer was knowledgeable and professional. Thank you.
Good Program
Excellent. Kept technical topic very interesting. Good presenter. Very relevant subject matter.
Great content, great provider. I have already recommended this to my husband's firm.
Very informative!!
Comprehensive information.
I enjoy these courses about tech and the internet.
Very thorough and competent speaker.
Brilliant.
Excellent session. Going to recommend the others in our office sign up for it. Great speaker. His humor, inserted at the appropriate times made it all the more enjoyable.
First two law line seminars I have taken have been excellent. Much useful content here.
Excellent presenter.
very good presenter who covered significant content in 1.5 hours
Knowledge all lawyers need.
A very good presentation
Excellent
Useful information. Thank you.
Very informative presentation!
Great materials.
Very effective presentation
great presenter and super helpful information
Superb presentation by a very knowledgeable and engaging speaker. Thank you.
practical information for personal as well as business needs
Super informative and helpful. Great tips on security software!
One of the best programs I've seen. Great info with a lot of helpful specifics to get more detailed info.
Excellent info. A bit scary, tho. Will cause me to do the things he suggests to have a more secure law office. Thanks.
I work with InfoSec in my job, this was very good.
This was an excellent presentation!!!
I particularly like the Lawline videos with transcripts.
One of the best CLEs, Lawline or otherwise. I've attended.
A very helpful and interesting CLE and better than any I've attended on this subject.
Very thorough
this course was the best primmer course on computer security I've taken in a long time.
Good content.
Suggestions for multiple pronged approach were very useful.
Knew his stuff
Scott is a real asset to the emerging field of information security law.
Super interesting
very good
Very good and liked his humor.
Outstanding, highly informational and useful
Very comprehensive review of the topic. Impressive!
Excellent and densely packed presentation.
Good information
Very good program
very clear explanation of threats and how to avoid them; good information on methods of breach and resources to prevent them.
This course was very interesting and informative and I will be sharing the information with my staff.
Best cyber presentation I’ve listened tooZ... offered practical advice and made product recommendations
Good stuff
The presenter actually made the course fun!
very interesting topic and good speaker
Outstanding presentation and references for further study. Truly awesome.
good
This is the best Law- line course I have seen
Scott was Excellent!
excellent presentation and speaker
Actually worthwhile!!!
Fantastic course. Highest level.
Great presenter. Watching all of his courses.
This was very informative and helpful. The presenter was excellent and gave a great deal of information in a way that was easy to assimilate.
Excellent content and presentation. Would thoroughly recommend.
Very helpful and practical
Much more interesting and engaging than I expected from a cyber security program. Good stuff!
Very helpful and timely course
Outstanding presentation.