Sedona Canada - Commentary on Privacy and Information Security for Legal Service Providers: Principles and Guidelines

The Sedona Canada Commentary on Privacy and Information Security for Legal Service Providers: Principles and Guidelines. Member of the drafting team. In this commentary, the working group attempted to make the nitty-gritty of information security as approachable as possible. We included a running narrative of a common series of cyber attacks perpetrated against a small law firm, from the perspectives of the attacker and one of the firm’s partners, who was directly under attack. Each ‘interlude’ briefly walks through a common attack and the easily-established defenses which can thwart them.

My primary contribution was updating and revising sections Three (Conducting a Security Risk Assessment) and Four (Guidelines for Policies and Practices that Address Privacy and Information Technology) using my background in information security and systems administration, plus the security frameworks related to my CISSP designation.