CASE STUDY 3: Information Security

In this case study (Attached), please review the case and provide an analysis of the authors recommendations for the implementation of controls. Based on what you know and some of the items covered in the information security section, would you provide any additional insight to the authors or the law firms? In addition, is there anything different from a US perspective? I would also like you to discuss briefly, whether or not your particular industry /company suffers from the same problems. If not, why do you believe they encountered so many problems with the Law firms in Australia?

Proceedings of the Australian Information Security Management Conference A Case Study on an Investigation of Information Security Management among Law Firms Sameera Mubarak & Elena Sitnikova School of Computer and Security Science University of South Austral Defence and Systems Institu University of South Aus Abstract The integrity of lawyer trust accounts as come under scrutiny in the last few years. There have been many incidents of trust account fraud reported internationally, including a case in Australia, where an employee of a law fi rm stole S4,500,000 from the trust funds of forty-two clients. Our study involved interviewing principles of ten law companies to find out solicitors' a udes to computer security and ibility of breaches of their trust accounts, An overa ll finding highlights that law firms were nat current with e possi technology to combat computer crime, and inadequate access control was a major oncern in safeguarding account data, Qur conclusions revealed the wrgent need for law firms to adopt security controls, implement information s policies and procedures and obtain cooperation from management to communicate these policies to staff Keywords Information security, computer science, trust account INTRODUCTION Information is a particularly important aspect of every business sector, all types and sizes of organisations need to collect, store, utilize and exchange information. Information is considered an important asset, organisations aspire to collect, retain and protect their valuable intellectual property to achieve cutting edge advantages over their competitors This trend has resulted in organisations showing a keen interest in building their own information infrastructures. In the earlier days of information systems development, information technology tools were mainly used for communications purposes. In recent years, this trend has changed and information s now play a major roll e in almost all business activities, acquiring the status of business infrastructure'. Since computers and the Intemet are used to process and store information, there is an increasing problem in safeguarding and securing businesses from the security flaws inherent in computers and all types of networking Like any other asset class, organisational information infrastructures have become frequent targets for security threats. Safeguarding this asset class from external and internal threats has become a challenging task for businesses worldwide. There are many forms of threat to information systems, and one source of threat which has attracted the attention of th technology and business worlds is compu Law firms are no exception to the trend towards com information infrastructures, particularly because the very nature of their business is collecting and storing highly confidential client data. One area of law firm activity which has come under intense scrutiny is the integrity of trust accounts. Law firms operate and maintain trust accounts on behalf of investors or depositors, to be used in the trustees' interests at the trustees' request (Legal Practice Act 1996), Trust accounts basically hold public money. Many incidences of trust account fraud reported over the last two decades clearly indicate that trust accounts have been misused and manipulated in a range of ways. The following incidents provide the est examples of trust account fraud the public domain. They serve to develop an understanding of the vulnerability of trust accounts intemationally: A solicitor in the United Kingdom stole 1,250,000 from a client over ten years. The cash kept in the law firm's trust account was part of compensation received by the client for lifetime care. The client was immobilised below the neck and needed full time care. The solicitor diverted money from the trust account to his personal account Jenkins 2008) An employee from a law firm in Adelaide, Australia, was charged when AUD$4,500,000 was discovered missing from a trust fund. The employee faced charges of fraud and deception. Forty-two clients had money in Page