|
ACTIVE
WORK GROUPS |
CONTACTS |
UPDATE |
|
Critical
Infrastructure
Protection
Work
Group |
|
The Critical Infrastructure Protection Working Group
addresses issues bridging law, information security, and
critical infrastructures. The group is currently
producing an ABA CLE teleconference on the legal issues
of critical infrastructure. In the coming year, the
group will explore the feasibility of producing short
papers on leading issues in Critical Infrastructure
policy. The group's first paper is likely to focus
on the effects of cybervulnerability cascading into the
physical world. Cyberinfrastructure has often been
a low-priority issue for policymakers. To some extent,
its poor visibility results from a lack of understanding
about the connections between vulnerabilities in digital
infrastructure - the "virtual" world - and tangible
outcomes in the physical - or "real" world. This paper
explains how weak cybersecurity practices lead to
concrete damage in daily functions. The paper includes
several examples to show readers why information
security is key to protecting both individual and
national security. |
|
Digital
Evidence Project |
|
The
Digital Evidence Project is working on a comprehensive
treatise addressing the creation, storage, retrieval and
repudiation of digitally stored information.
Evidence in digital form now surpasses paper-based
recordkeeping. Members working on The Project are
writing about best practices for forensic consulting,
authenticity, digital storage, database integrity,
metadata, and forensic video and audio. The work
product will include a review of federal and state
evidentiary case law. The Digital Evidence Project seeks
to bring together the nation's top experts on these
rapidly evolving issues and assist fact finders and
advocates with a technological knowledge base by which
to discover and analyze digitally stored information.
|
|
Information
Security Liability and Insurability Work
Group |
|
The
Information Security Liability and Insurability Work
Group (formerly the Information Security Handbook Work
Group- creators of a guide on information security
basics) is reviewing the standards of care and the cybersecurity practices of
businesses seeking to minimize risk through good
information security practices. The work
product of the ISLI Work Group will be a guide to
attorneys to use in advising clients about contractual
obligations for cybersecurity. The work will
explain how to conduct a risk assessment and contain an
outline of considerations and checklists with citation
to applicable laws. The group is also working on
seven scenarios that will present in case study format
the things to keep in mind when entering into business
relationships involving information stored or
communicated by computers. |
|
Law
Practice Security Project |
|
The Law
Practice Security Project is developing a set of
information security guidelines for lawyers and other
legal professionals with a goal of educating providers
of legal services about security risks to their practice
and increasing the awareness and use of cost-effective
security technologies and systems to minimize those
risks and improve the quality of legal services. The
purpose of the guidelines under development by the
workgroup is to teach and encourage the competent and
ethical practice of law, not by creating new standards,
but by suggesting how existing ethical standards and
duties might be achieved through effective use of secure
technologies. |
|
ASSISTING THE ACTIVE WORK GROUPS |
CONTACTS |
UPDATE |
|
Accreditation
Work
Group |
|
The
Accreditation Work Group focuses on assessment and
accreditation activities in information security.
This Work Group was responsible for the PKI Assessment
Guidelines, ver. 1 (the
"PAG"), now available through ABA Publishing. This
work group is reviewing recent advancements in the
assessment and accreditation area based on its
experience with the PAG. One of the more recent
initiatives of this group is its review of recommended
practices for the development of secure and reliable
information systems and software in conjunction with the
ISLI Work Group.
This workgroup is assisting the other work groups in
completing the text of the current publication drafts. |
|
Audit
& Controls
Work
Group |
|
The Audit
and Controls Work Group focuses on the audit function,
as it relates to security deployments. It
identifies proposed new audit standards related to
information security, reviews them, and prepares and
submits comments on behalf of the Work Group to the
applicable standard-adopting bodies. The group has
reviewed the new IT Control Objectives for
Sarbanes-Oxley proposed as a discussion document by
ISACA (www.isaca.org) and has prepared comments for
submission. This group is also supporting
the work of the Digital Evidence Project and the ISLI
Work Group.
This workgroup is assisting the other work groups in
completing the text of the current publication drafts. |
|
Government
&
Reciprocity
Work
Group |
|
The
Government and Reciprocity Work Group’s efforts have
focused on efforts toward interoperability within the
government sector. The group held the very successful
Multi-State Digital Signature Summit that took place in San
Francisco in 2000.
At that summit, representatives from numerous state
governments were brought together to discuss and debate
the use of electronic signatures. In addition to its
ongoing efforts, it is also participating with the
Identification and Credentialing Work Group’s efforts to
address security and reliability of documents used to
authenticate individual identity.
This workgroup is assisting the other work groups in
completing the text of the current publication drafts. |
|
HIPAS
Work
Group |
|
The Health
Information Protection and Security Work Group will soon
be publishing a brochure on the security standards
adopted pursuant to the Health Insurance Portability and
Accountability Act (HIPAA). It also serves as the
liaison between the ISC and other ABA and
non-ABA HIPAA groups working on projects in this
area.
This workgroup is assisting the other work groups in
completing the text of the current publication drafts. |
|
Identification
and Credentialing Work Group |
|
The
Identification and Credentialing Work Group formed, in
part, as a result of 9/11. In particular, the
group continues its study of identification management
and credentials, such as drivers' licenses, social
security cards, and passports. The group's work product
will review existing and new technologies and methods
for identifying and credentialing individuals in the
United
States with the
goal of working towards a national symposium in
conjunction with the Government and Reciprocity Work
Group and the Critical
Infrastructure
Protection
Work
Group.
This workgroup is assisting the other work groups in
completing the text of the current publication drafts. |
|
Service
Agreements
Work
Group |
|
The
Services Agreements Work Group continues its work on a
book entitled "Model Terms for Certification Services
Agreements". The intent of the book is to assist
attorneys in the drafting of certificate policies,
certification practice statements, subscriber
agreements, relying party agreements/ T&Cs, PKI Disclosure Statements
etc. by providing model language with commentary for use
in such documents. This group is supporting the
work of the ISLI by working on model contract terms for
use in services agreements.
This workgroup is assisting the other work groups in
completing the text of the current publication drafts. |
|
CyberNotary
Work
Group |
|
The CyberNotary Work Group continues to
focus its efforts on identification issues in
cyberspace. If you would like to work on these
issues, please contact ISC leadership— Steve Wu, Randy Sabett or Ben Wilson.
|