Key Issues in Cyber Security for Law Firms

A full-day workshop designed to help attendees grasp the key issues affecting law firm cyber security - from risk assessment to program design


  • 05 April, 2018
  • 08:30 - 17:00
  • 450 Cityfront Plaza Dr, Chicago, IL, 60611, United States (View Map)

Additional taxes may be applicable


Download the full program here

Download the full program here


8:30AM Registration & Networking Breakfast

9:00AM Introductions/Opening Remarks

9:05AM Threats, Security and Trust

How the escalating threats within the law firm industry, the growing number of breaches and our clients’ demands are changing the way we deal with security and trust.

9:15AM Trends in Cyber Security

Updates on the current threat environment, strategies employed by attackers, and the trends affecting law firms.

10:15AM Morning Networking & Coffee Break

10:30AM Building a Sustainable Cyber Security Program (Part 1)

Overview of the prevalent security frameworks, benefits of the different approaches and how to select a framework for your organization.

11:30AM Building a Sustainable Cyber Security Program (Part 2)

Detailed case study of one firm’s journey from awareness to initial assessment and the plans they developed to address cyber security for the firm. We will also review a sample implementation strategy.

12:30PM Networking Luncheon

1:30PM What is “Cyber Attest”?

We will cover the Cyber Attest approach to build and maintain trust with your clients and how to get the same trust built with your vendors. We will cover the purpose and benefits of SOC (System and Organization Controls) reporting.

2:30PM Cyber Security Audit: Realistic Practices (Part 1)

How do you prepare for client-specific cyber security information requests? How do you prepare for the onsite audits? What is reasonable to expect from you and your team, and from the auditors?

3:30PM Afternoon Networking & Coffee Break

3:45PM Cyber Security Audit: Realistic Practices (Part 2)

We will cover the lifecycle of graduating to a formal audit to break the cycle of continuous auditing and move your firm into an “audit once, comply many” approach. We will start with the readiness review and how to use those results to develop and sustain incremental progress to finally complete the formal audit.

4:30PM Wrap-Up/Closing Remarks

Full Description

Law firms are being targeted by cyber criminals at an ever-increasing pace. Some of the country’s most prestigious firms have found themselves in the headlines because hackers exploited weaknesses in their information systems.

These instances have caused sensitive client information, provided to these firms under the assumption that it be held in trust, to be exposed and possibly used for illicit purposes. Other security breaches that have made the news have caused significant business interruption. Law firm clients have responded by subjecting their legal providers with swarms of checklists, revised engagement letter terms, disclaimers and on-site visits by their own auditing and security professionals.

In today’s environment, it is evident that validating a law firm’s information security systems is becoming a requirement prior to obtaining and for retaining a client. The constant threats related to law firms’ information security are real and the marketplace has responded in various and unpredictable ways to verify information will be safe when in the hands of legal professionals.

Ark Group’s Key Issues in Cyber Security for Law Firms is a full-day workshop designed to give law firm leaders the necessary tools to:

  • Understand the key issues affecting law firm cyber security
  • Perform an information technology risk assessment for their firm
  • Design a cyber security program for their law firm
  • Streamline a cyber security audit imposed by the clients of law firms
  • “Pull back the curtain” on what it really means to undergo a cyber attest project

The instructors for this workshop are professionals that have deep experience in providing information technology security services to law firms in addition to other organizations that place a premium on the security of sensitive information. The instructors’ backgrounds include a professional that has served in a leadership role on a national standards-setting organization as well as a professional that has  provided security work for the Air Force, NSA and Pentagon.

Top industry speakers

Rob Rudloff

Rob has more than 20 years of information security experience on security reviews, mitigation, strategy and architecture development. He consults with clients on a variety of information security projects ranging from penetration testing to security assessments to implementation of security architectures. His background includes security work for the Air Force, NSA, Pentagon and PwC. Recently serving as a Chief Information Security Officer, Rob brings strategic consulting expertise balanced with a voice of reason.

Audrey Katcher

Audrey is the Partner-in-Charge of RubinBrown’s IT Risk Services Group. Audrey will provide additional guidance related to the assessment and testing of internal controls and information technology. She has more than 20 years of public accounting experience, focused on internal control and information technology.

Matt Finke

Matt is the Partner-in-Charge of RubinBrown’s Law Firms Services Group. He provides comprehensive assurance, business process improvement reviews and business consulting services to clients in the legal industry, in addition to other professional services firms.