Confessions of a Plaintiff's Expert
Interhack founder Matt Curtin addresses the InfraGard Toledo Members Alliance in Toledo, Ohio, on the topic Confessions of a Plaintiffs' Expert on December 7, 2007.
Abstract
If your company's attorneys had to represent to a court that your organization did not have a particular record, could they do so correctly and with confidence?
Corporate information technology (IT) departments are widely tasked with ensuring that information is always available when needed by the business. Requirements for integrity and confidentiality have driven additional changes in policy for information management and the mechanisms used to implement such policy. To a large degree, these matters have widely been considered "technology" issues, handled exclusively within the domain of IT management.
Risk, however, goes far beyond the matter of hostile actors breaking into systems with sensitive data. With legal, regulatory, and contractual issues binding the organization, a failure of effective information management poses considerable risks to the organization. The possibility of indictment of executives and firms, fines paid to regulators, and settlements paid to plaintiffs weigh on the consciousness of businesses of all types.
To illustrate how technologists and lawyers need to work together to identify and to manage risk in the organization, Matt Curtin will discuss his work as a forensic computer scientist and a case where his analysis led to findings contrary to assertions made by the company sued for violating the privacy of people using the Web. Attendees should understand the need for cooperation among disciplines in the organization and strategies for ensuring success.
About the InfraGard Toledo Members Alliance
The InfraGard Toledo Members Alliance has been established to facilitate the exchange of information critical to the protection of the Nation's infrastructure. Organizations involved include the U.S. Government (led by the FBI) and an association of businesses, academic institutions, state and local law enforcement agencies, and other participants. For more information on the mission of InfraGard, visit www.infragard.net.
About Interhack
Based in Columbus, Ohio, Interhack Corporation is a professional services firm with clients all over North America. Founded in 1997 by a team of information security researchers, Interhack accepted the mission to make global computing and communications infrastructures worthy of trust. Interhack's two practice areas, Information Assurance and Forensic Computing, support that mission. The company is a supporting member of The Usenix Association. Additional information about Interhack is available at web.interhack.com.