News from 2010

Columbus, OH—Mobile devices are increasingly common in adjudication. Interhack Founder Matt Curtin discusses the use of electronic information from mobile devices for continuing legal education credit at the Columbus Bar Association on December 14, 2010. 

This seminar discusses the use of electronic information in litigation broadly, with particular emphasis on data beyond documents. After considering analytical possibilities with forensic analysis of non-document data, we focus on the issues unique to mobile devices. We start with an overview of the data available on mobile devices, how to find that mobile devices might have data of interest, and how to use mobile device data. We conclude with a case study involving intellectual property litigation centered around the use of BlackBerrys to transfer intellectual property from an old employer to a new one.

Legal professionals who would like to participate may register at the Columbus Bar Association Web site.

Schedule An Interhack Program in Your Organization

Interhack delivers presentations for CLE and CJE credit. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

Columbus, OH—Interhack Visiting Scientist Jack Jones speaks to senior information technology leaders at the CIO Solutions Gallery in Columbus, Ohio on November 30, 2010 about what risk is. Mr. Jones introduces the audience to a consistent nomenclature to quantify risk and a method to assess it.

Ask a group of information security professionals to define risk, and you are certain to get several different answers. In addition, often the terms risk, threat, and vulnerability are used interchangeably, even though they are not the same thing. Without a solid understanding of what risk is, what the factors that drive risk are, and a consistent nomenclature to quantify and assess it, you cannot effectively communicate or sell a strategy to manage it. Listen to how one former Fortune 100 CISO solved that problem.

The CIO Solutions Gallery events are invitation only. 

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

Columbus, OH—Interhack Visiting Scientist Jack Jones shares risk management expertise during a Business of Security Webcast on Wednesday November 17, 2010. Jack unveils a key strategic method from the Factor Analysis of Information Risk (FAIR) method—Visibility Analysis. 

Jack asserts that effective risk management requires visibility into the risk landscape, e.g., what kinds of information the organization stores, how it is secured. Visibility enables prioritization of risk management efforts and helps prevent surprises.

Join Jack for the Webcast Risk Management: Is Your Visibility Severely Clouded? on November 17, 2010 at 11:30AM-12:30PM EST and learn the FAIR Visibility Analysis method. 

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

Interhack Corporation continues to showcase its computer expert services at national legal associations in 2010.  On October 20-22, the company returns to the DRI Annual Meeting in San Diego, California. Attorneys understand that successful defense requires mastery of the facts. When the facts are electronic, they can rely on Interhack computer experts to deliver unassailable opinion. 

Interhack Founder and computer expert C. Matthew Curtin will be on hand at the DRI Annual Meeting.  Curtin presented Discovery Beyond Documents at the DRI Medical Liability and Health Care Law seminar in Buena Vista, Florida in 2009. Defense attorneys, corporate and in-house counsel, and others heard Curtin's account as a computer science expert in a wrongful death case that hinged on interpretation of electronic information. The audience learned how data in electronic medical records differ from the electronic documents that we're most used to and what that means for discovery. They also learned how and when to use an expert in such cases and how to be prepared for discovery… beyond documents.

Courts and attorneys around the country rely on the opinion of Interhack computer experts when the facts of a case are electronic. Attorneys attending the DRI Annual Meeting this year have the opportunity to discover their secret weapon—unassailable opinion delivered artfully by Interhack scientists.

Schedule An Interhack Program in Your Organization

Interhack delivers presentations for CLE and CJE credit. If you would like to schedule an Interhack presentation in your association or law firm, please contact us for rates and availability.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

Columbus, OH—Interhack Senior Analyst Lee Ayres participates in a panel discussion about information security in a nonprofit setting at the GroundWork Group 5th Annual Central Ohio Nonprofit IT Conference on Friday October 15, 2010. Ayres helps business leaders to see beyond the technology and to use business and legal resources to secure protected information processed in a low budget setting.

Ayres draws on experience helping companies both to prevent and to respond to data loss incidents. He also helps attorneys in litigation understand how to make use of systems and data available to them as evidence.  

Ayres is co-author of the study Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry. In the study, Ayres and co-auther C. Matthew Curtin propose a taxonomy for classifying data loss incidents with public information.  Examining publicized data breaches by type and industry, they find significant results for Finance, Education, Public Administration, and Health Care. The research is published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society, an interdisciplinary journal of research and commentary, concentrating on the intersection of law, policy, and information technology.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

October 7, 2010—Interhack founder C. Matthew Curtin discusses online security and rational protection of information on October 13 at the State of Ohio Cyber Summit. The Summit is held October 12-13 at the Ohio Department of Transportation in Columbus, Ohio. Sessions focus on cyber security in business, local government, and education.

The Summit is an initiative of The U.S. Department of Homeland Security's National Cyber Security Division. Together with the National Cyber Security Alliance, they will provide a briefing of the progress and partnership with States and local communities in cyber security. The briefing will include current trends in cyber security and the relevance to the State of Ohio.

Participants are:

• Matthew J. Eggers, Senior Manager, National Security & Emergency Preparedness Department, U.S. Chamber of Commerce (moderator)
• Jenny Menna, Director, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security Division, U.S. Department of Homeland Security
• David Shaw, Chief Information Security Officer, State of Ohio
• Don Tillman, Owner, Safe Data Destruction
• Michael Kaiser, Executive Director, National Cyber Security Alliance
• C. Matthew Curtin, Founder, Interhack Corporation

Inquire or register to attend by sending email to cybersummit@ohio.gov. 

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

COLUMBUS, OH (JULY 27, 2010)—Interhack computer scientist C. Matthew Curtin presents Preparing for Litigation: The Importance of Strong Electronic Information Management at the 2010 AHIMA National Conference in Orlando, Florida. In his role as a computer expert witness, Curtin was hired to sort out a conflicting electronic medical record. He presents the matter as a case study showing how health information should be managed in anticipation of electronic discovery in litigation.

Health information managers daily make decisions that they may not realize affect future litigation. Matt Curtin is the Founder of Interhack Corporation, a computer experts firm. He has experience as a Rule 26 expert in litigation where the affects of those decisions become manifest. In this case, mismanagement led to sanctions in the form of the Defendant paying for the Plaintiff's expert and Plaintiff's counsel to work with the expert. 

In a 2009 article Discovery Beyond Documents prepared for presentation at the Defense Research Institute, Curtin describes in detail electronic discovery of data types like medical records, data bases, billing records, etc., the kinds of information available beyond electronic versions of "documents." 

Schedule This Program in Your Organization

Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

AUGUST 19, 2010—Interhack is pleased to announce the addition of Jack A. Jones to its Information Assurance practice. Mr. Jones joins Interhack as a visiting scientist with expertise in the area of information risk management. From debate about security risk associated with WikiLeaks documents to pressure from the SEC for better reporting on risk information, quantifying risk—especially information risk—is increasingly important. Jack Jones' information risk assessment methodology—Factor Analysis of Information Risk, or FAIR—quantifies risk. 

Jack brings 27 years of experience in information technology with 19 years experience in information security and risk management. During this time, he’s worked in the United States military, government intelligence, consulting, as well as the financial and insurance industries. Jack has over seven years of experience as a Chief Information Security Officer (CISO), with five of those years at a Fortune 100 financial services company where he developed one of the most progressive information risk management programs in the industry. His work there was recognized in 2006 when he received the 2006 ISSA Excellence in the Field of Security Practices award.

Jack was featured in an article on the 9 Habits of Highly Successful CISO’s in the July 2006 edition of Information Security Magazine. In 2007, Jack was selected as a finalist for the Information Security Executive of the Year, Central United States, and was a judge for the national Information Security Executive of the Year competition. From 2008 to 2009 he was also an invited member of an international task force involved in developing one of ISACA’s latest publications: Enterprise Risk: Identify, Govern and Manage Risk, The Risk IT Framework.

Since 2008, Jack has been providing risk analysis and risk management training, analysis tools, and consulting services through his own company, Risk Management Insight. His clients include Fortune 10 energy, Fortune 100 financial services, Fortune 100 technology, and Fortune 500 retail companies. Jack holds CISM, CISSP, CISA, and CRISC certifications.

For more information about applications of the FAIR information risk management methodology in your organization, contact Abby Park at abbyp@interhack.com. 

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

JULY 12, 2010—Interhack showcases its computer expert services at the American Bar Association (ABA) Annual Meeting and Expo in San Francisco, California, on August 5-7, 2010. 

Computer science expert Matthew Curtin will be on hand at the Moscone Center West Exhibit Hall.  He will show litigators and corporate attorneys how early case assessment with the help of a Rule 26 expert can be the basis for a defensible discovery strategy at a low cost. An expert brought in early can 

• ensure competent, defensible discovery procedures and execution, 
• help you to be sure you’re getting the right data, and 
• provide strategies and protocols to keep the cost down. 

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

Interhack founder C. Matthew Curtin presents a live webcast When Prevention Fails: The Role of IPS in Incident Response on Thursday July 8, 2010 at 4:00 PM EDT. Curtin led the outside response team that restored service to an international organization taken offline by a security incident. The webcast reviews the story and discusses lessons learned. 

Intrusion prevention technology is understandably focused on using network data to detect and to stop intrusions in progress. When (not if) intrusion prevention systems fail to prevent intrusions, can they provide any value to the management of an incident?

This case study shows the IPS technology in place, the role that it played in addressing the incident, and how the incident progressed when the IPS failed to achieve its expected objectives. Lessons learned will include consideration of how IPS technology can better be deployed, how available data may be used to assess fast-moving situations, and how IPS technology can fit into a larger program for identifying and responding to security incidents.

Curtin is a forensic computer expert. He analyzes information technology and electronic stored information in incident response and to answer questions that arise in adjudication. He has appeared as an expert witness in both civil and criminal cases, dealing with everything from electronic discovery to assessment of information technology in practice. Since 1998, Mr. Curtin has maintained a regular academic appointment as a Lecturer at The Ohio State University's Department of Computer Science and Engineering.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

May 20, 2010—Interhack Corporation is happy to announce a key to improve consistency of classification of data breaches within its taxonomy of data breaches published in 2009. The key was presented as a work in progress paper at the IEEE workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), in Berkeley, California on May 20, 2010. 

In earlier research, Interhack proposed a taxonomy to classify data breaches by proximate cause based on public information that is both accurate and as precise as the data will allow. The analysis showed statistically significant correlations between breach type and some industries. The research, Using Science to Combat Data Loss: Analysis of Breaches by Type and Industry, was published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society. 

The paper Standardizing Breach Incident Reporting: Introduction of a Key for Hierarchical Classification was authored by Interhack Founder C. Matthew Curtin, Interhack Senior Analyst Lee T. Ayres, and University of Washington student Thomas A. Ng. Mr. Ng presented the paper at the IEEE SADFE workshop. 

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

Interhack returns to the Ohio State Bar Association's Annual Convention in Dayton, Ohio, on May 6-7, 2010. The company showcases its computer expert services. Attorneys visiting Interhack's booth find out how to use Rule 26 expert witnesses at Interhack to ensure competent e-discovery without spending a fortune. An expert brought in early can 

• help to be sure you're getting the right data,
• ensure defensible discovery procedures and execution, and
• provide strategies and protocols to keep the cost down.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

COLUMBUS, OH—Interhack presents Preparing for the Data Breach: Live Incident Response Team Drilling at Platform Labs on March 24, 2010.  Intuitively we understand how a plan can be well executed: we practice. Athletes practice their games day in and day out. Nobody wins on game day without going through the exercise. Is your incident response team prepared to win? 

In business, incident response training is often a tabletop scenario over the lunch room table. Interhack conducts full mock events using real servers and personnel. Drawing on experience running these live drills with their clients, Interhack founder C. Matthew Curtin relates the process of planning for, executing, and cataloging the lessons from live incident response drills. The seminar will show how your organization can prepare for high-risk incidents using this live drill method.  

For more information about hosting live incident response drills for your organization, contact Interhack.

Schedule This Program in Your Organization

Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

February 25, 2010—How does data loss occur in health care? Interhack founder C. Matthew Curtin presents an analysis of five years' worth of breach data, showing how the Health Care sector is unique in data breach issues. He presents findings on Wednesday, March 3 at the HIMSS 2010 conference in Atlanta, Georgia.

Schedule This Program in Your Organization

Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a computer expert firm with practices in Information Assurance and Forensic Computing.  Founded in 1997 by a team of information security researchers, Interhack works to make global computing and communications infrastructures worthy of trust.  Today the firm has clients all over North America.  Additional information about Interhack is available at web.interhack.com.

February 26, 2010—Interhack founder C. Matthew Curtin presents Electronic Information in Litigation on March 3, 2010 at HIMSS 2010 in Atlanta, Georgia.  Management of health information must include the ability to respond to litigation holds and electronic discovery.  How do data in electronic medical records differ from the electronic documents that we're most used to, and what does that mean for discovery? 

Curtin relates his experience as a computer science expert in a wrongful death case that hinged on interpretation of such health data. Leaders in health information management and counsel learn how to prepare their organizations for discovery beyond documents.

Schedule This Program in Your Organization

Interhack delivers presentations for CLE and CJE credit. If you would like to schedule this or another Interhack presentation in your association or law firm, please contact us for rates and availability.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a computer expert firm with practices in Information Assurance and Forensic Computing.  Founded in 1997 by a team of information security researchers, Interhack works to make global computing and communications infrastructures worthy of trust.  Today the firm has clients all over North America.  Additional information about Interhack is available at web.interhack.com.

February 26, 2010—Interhack Founder C. Matthew Curtin presents the findings of an analysis of five years' worth of breach data, showing correlations between breach type and industry. He will speak at the Information Security Committee meeting of the American Bar Association Law and Technology section on Saturday February 27 in San Francisco, California. 

Applying the findings, Curtin then discusses with the committee how to help corporate clients prepare for and prevent data breaches. 

The original Interhack research presented is from Using Science to Combat Data Loss: Analyzing Breaches by Type and Industry, published in Volume 4, Issue 3 (Winter 2008–09) of I/S: A Journal of Law and Policy for the Information Society. In San Francisco, Curtin presents updated findings that include two more years of breach data.

About Interhack

Based in Columbus, Ohio, Interhack Corporation is a computer expert firm with practices in Information Assurance and Forensic Computing.  Founded in 1997 by a team of information security researchers, Interhack works to make global computing and communications infrastructures worthy of trust.  Today the firm has clients all over North America.  Additional information about Interhack is available at web.interhack.com.

February 17, 2010—The U.S. Department of Homeland Security's National Cyber Security Division and the National Cyber Security Alliance will provide a briefing of the progress and partnership with States and local communities in cyber security. The briefing will include current trends in cyber security and the relevance to the State of Ohio.

Interhack founder C. Matthew Curtin will discuss the issue of cyber security and rational protection of information: the questions that every chief information officer must answer.

Other participants are:

• Matthew J. Eggers, Senior Manager, National Security & Emergency Preparedness Department, U.S. Chamber of Commerce (moderator)
• Jenny Menna, Director, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security Division, U.S. Department of Homeland Security
• Kimberly C. Trapani, State Chief Information Security Officer, State of Ohio
• Christopher L. Warner, Program Manager, Infrastructure Security, SAIC

More information is available from the State of Ohio at http://www.privacy.ohio.gov/.

On February 16, this event was canceled due to severe weather.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.

How can business leaders use science to stay out of the headlines? Interhack Founder and OSU Lecturer Matt Curtin addresses the Fisher College of Business Breakfast Club on February 5, 2010. Using the Interhack Breach Taxonomy and Interhack's latest data breach research, Curtin shows how fact-based analysis helps prevent data breaches.

Data breaches make front page headlines and move stock prices. Information security is no longer an issue for the IT department. The media runs quotes from government officials on the adequacy of security programs. Fines are levied. The breached entities get subpoenas, rather than sympathy. Customers and boards of directors demand better performance. Listen as one noted national voice analyzes actual breach events to outline a pragmatic approach to both the policy and technical controls needed for effective information security. 

The Fisher Breakfast Club meets at the Blackwell Inn at 7:15AM on Friday February 5, 2010. Interested readers may register from the Fisher College web site.

About Interhack

Interhack aids executives and attorneys facing challenges and opportunities involving the use of information.  We perform security and privacy assessments, as well as services to work with data in legal proceedings.  Our work is used to find the right questions to ask and the best answers science can provide.  Based in Columbus, Ohio, Interhack supports clients all over North America.  Additional information about Interhack is available at web.interhack.com.