LITIGATION SUPPORT TIP OF THE NIGHT

In June 2019, FedRAMP, the Federal Risk and Authorization Management Program, issued guidelines for cloud service providers, FedRAMP Marketplace. CSPs can be categorized as having one of three statuses:

1. FedRAMP Ready - a third party assessment organization attests to a CSP's capabilities and a report is accepted by FedRAMP.

2. FedRAMP In Process - CSP working on FedRAMP authorization with the Joint Authorization Board or a federal agency. In order to get to this stage, a Security Assessment Plan (SAP) and Security Assessment Report (SAR) must be prepared. Security package materials have to be uploaded to the OMB MAX document repository, and kickoff meeting with the JAB must be held. The in process status cannot be held for more than 12 months.

3. FedRAMP Authorized - in order to get authorization, the CSP must submit monthly deliverables to the JAB. A provisional authority to operate letter (P-ATO) signed by the CIOs of the Department of Defense; Department of Homeland Security; and the General Services Administration will allow the CSP's status to be updated to authorized.

The FedRAMP Marketplace is a sortable database of CSPs. Notable businesses in the legal technology field that are in the marketplace include:

Box (Authorized)

CDS - Complete Discovery Source (Authorized)

DocuSign (Authorized)

EverLaw (In Process)

Exterro (In Process)

Slack (Authorized)

Smarsh (In Process)

VMware (In Process)

(Pretty nice feather in CDS's cap!)

IBM has a very simple online calculator that the you can use to calculate the cost of a data breach. The two first factors are for the country and business sector in which the breach occurs.

The cost of a breach in Canada is much lower relative to other countries, and Italy and South Africa are areas where a breach is likely to be particularly costly.

In the United States data breaches will be most expensive for the financial world, big tech, and the healthcare industry. Breaches are comparatively inexpensive for companies focusing on research and organizations in the public sector.

IBM will also allow you to input a number of cyber security measures that will mitigate the cost of a breach:

1. AI platform

2. BCM (business continuity management) involvement

3. Board level involvement

4. Chief Information Security Officer appointed

5. Certified Protection Officer appointed

6. Consultants engaged

7. Data classification schema

8. Employee training

9. Data loss prevention

10. Data encryption

11. Incident response team

12. Insurance protection

13. Participation in threat sharing

14. ID protection

15. Security analysts

. . . and vulnerabilities that will make a breach more consequential

1. Compliance failures

2. Extensive cloud migration

3. Internet of Things devices

4. Mobile devices

5. Lost or stolen devices

6. Rush to notify

You can also use the calculator to determine how long it takes to discover and contain a data breach in different countries.

Germany does a lot better than the US and most other big countries.

The password permission protection option in Adobe Acrobat only guarantees that the file cannot be edited by other people also using Acrobat, not other software. This password protection can circumvented.

Acrobat also offers digital rights management, called LifeCycle, which offers a much higher level of protection. It can prevent a file from being copied or printed, but requires storing security settings on a server.