The e-discovery reference model (EDRM) is one of the most popular conceptual e-discovery models that legal and technology firms use to make the e-discovery process as efficient and error-free as possible. It refers to nine stages that are vital to the discovery process: information governance, identification, preservation, collection, processing, review, analysis, production and presentation. These stages are divided by professional skill sets and largely organized to help legal firms have an easier time calculating the overall needs and costs of a project.
Originally created by the EDRM organization and fostered by George Socha and Tom Gelbmann, the EDRM has been useful for law firms and technology groups for years. These days, however, there’s one angle in the legal profession that needs to be given preference: cybersecurity. As the legal technology industry moves toward a reality which must take cybersecurity concerns into consideration and embraces commoditization, new skill sets and new technology knowledge bases, the need for a new reference model that prioritizes cybersecurity concerns arises.
That brings us to the TRU Cybersecurity Reference Model (CSRM). The CSRM was created by an award-winning legal recruiting firm called TRU Staffing Partners with the intention of creating a practical, modern technology model that focuses on security needs through the lens of professional skill sets. Essentially acting as a skills-based guide to the functions and job responsibilities most needed in the legal technology industry with regard to security, the CSRM helps clarify what skills are required and serves to reference which stages are in high demand.
There are six primary stages in TRU’s CSRM:
No. 1 – Technology Inventory. An organization must first perform an audit of its current technology. This includes networks, hardware and software, mobility potential, application development and contingency plans.
Useful skill sets/certifications: network engineering, disaster recovery and business continuity, such as GIAC systems and network auditor and GIAC critical controls certification.
No. 2 – Assess. A company must evaluate its current digital security configuration and adjust any policies as needed to fit the project adequately. Internal and external protections including online, mobile and any potential insider threats must all be considered.
Useful skill sets/certifications: digital security/cybersecurity and information governance, such as certified information systems security professional, certified ethical hacker and GIAC penetration tester certifications, as well as system auditing certifications like the certified information systems auditor certification.
No. 3 – Compliance and governance. Organizations are required in this stage to ensure all involved parties comply and adhere to the same digital standards.
Useful skill sets/certifications: information governance, such as certified security compliance specialist, certified HIPAA administrator, certified HIPAA professional, check point certified security administrator and certified information privacy professional certifications.
No. 4 – Security architecture and systems. This stage includes the development, evaluation and implementation of all current and emerging security technologies including SIEM, identity management, persistent threat analysis tools, threat visualization tools and firewalls. Both security-by-design and privacy-by-design concepts may be utilized.
Useful skill sets/certifications: digital security/cybersecurity. The certified information systems security professional certification is the most prominent here, followed by the CESG certified professional and CompTIA advanced security practitioner certifications.
No. 5 – Monitor. A business must have the ability to monitor for and evaluate security threats quickly and efficiently. Centralized security operations centers (SOCs) are ideal for this task and can be set up either internally or outsourced to a managed provider.
Useful skill sets/certifications: digital security/cybersecurity and managed security. The GIAC continuous monitoring certification is recommended for this stage, but many application-specific certifications are also appropriate.
No. 6 – Respond. If a security threat is identified during any process, it must be properly isolated and eliminated. Any damage and data loss must be assessed and restored if possible.
Useful skill sets/certifications: cybersecurity, digital forensics, reverse malware engineering, incident response and disaster recovery. Forensic certifications including the GIAC certified forensic examiner and GIAC certified forensic analyst are useful, as well as incident response certifications like the GIAC certified incident handler. Malware engineering certifications, such as the GIAC reverse engineering malware and certified malware reverse engineer, are also useful.
Both the CSRM and EDRM models naturally share a few similarities. The information governance and respond stages contain the most overlap. Both models make heavy use of digital forensics, utilizing the same tools and collection methodologies. Organizations wishing to adopt the CSRM should focus on the areas where the models differ and encourage team members to familiarize themselves with the latest cybersecurity practices and challenges in order to improve the discovery team’s approach to digital security.
Hiring a consulting firm that approaches technology from a cybersecurity-focused angle is often the best way to ensure that a discovery team makes the necessary technology and security improvements.
To find out how your e-discovery system stacks up against the competition, contact me today. Phillip Hampton