Most Big Law firms have taken significant steps to diligently focus on security programs, due to the advanced security threats and client demands to improve security, says Sanjay Naik, senior managing consultant at IBM Security Services. Generally, firms are inclined to replicate programs that may be working at other similarly-sized shops. That may save time, but in the end, not deliver expected results, he says.
Naik urges firms to consider three classic elements as they approach a cybersecurity program: people, process and technology. To accomplish a pragmatic approach, firms should follow another three-step methodology: assess, plan and execute. This doesn’t not mean “rip and replace”—or an extensive change to the IT environment—but it may take considerable time and effort.”
