This Page

has been moved to new address

The eDiscovery Paradigm Shift

Sorry for inconvenience...

Redirection provided by Blogger to WordPress Migration Service
----------------------------------------------------- Blogger Template Style Name: Snapshot: Madder Designer: Dave Shea URL: / Date: 27 Feb 2004 ------------------------------------------------------ */ /* -- basic html elements -- */ body {padding: 0; margin: 0; font: 75% Helvetica, Arial, sans-serif; color: #474B4E; background: #fff; text-align: center;} a {color: #DD6599; font-weight: bold; text-decoration: none;} a:visited {color: #D6A0B6;} a:hover {text-decoration: underline; color: #FD0570;} h1 {margin: 0; color: #7B8186; font-size: 1.5em; text-transform: lowercase;} h1 a {color: #7B8186;} h2, #comments h4 {font-size: 1em; margin: 2em 0 0 0; color: #7B8186; background: transparent url( bottom right no-repeat; padding-bottom: 2px;} @media all { h3 { font-size: 1em; margin: 2em 0 0 0; background: transparent url( bottom right no-repeat; padding-bottom: 2px; } } @media handheld { h3 { background:none; } } h4, h5 {font-size: 0.9em; text-transform: lowercase; letter-spacing: 2px;} h5 {color: #7B8186;} h6 {font-size: 0.8em; text-transform: uppercase; letter-spacing: 2px;} p {margin: 0 0 1em 0;} img, form {border: 0; margin: 0;} /* -- layout -- */ @media all { #content { width: 700px; margin: 0 auto; text-align: left; background: #fff url( 0 0 repeat-y;} } #header { background: #D8DADC url( 0 0 repeat-y; } #header div { background: transparent url( bottom left no-repeat; } #main { line-height: 1.4; float: left; padding: 10px 12px; border-top: solid 1px #fff; width: 428px; /* Tantek hack - */ voice-family: "\"}\""; voice-family: inherit; width: 404px; } } @media handheld { #content { width: 90%; } #header { background: #D8DADC; } #header div { background: none; } #main { float: none; width: 100%; } } /* IE5 hack */ #main {} @media all { #sidebar { margin-left: 428px; border-top: solid 1px #fff; padding: 4px 0 0 7px; background: #fff url( 1px 0 no-repeat; } #footer { clear: both; background: #E9EAEB url( bottom left no-repeat; border-top: solid 1px #fff; } } @media handheld { #sidebar { margin: 0 0 0 0; background: #fff; } #footer { background: #E9EAEB; } } /* -- header style -- */ #header h1 {padding: 12px 0 92px 4px; width: 557px; line-height: 1;} /* -- content area style -- */ #main {line-height: 1.4;} {font-size: 1.2em; margin-bottom: 0;} a {color: #C4663B;} .post {clear: both; margin-bottom: 4em;} .post-footer em {color: #B4BABE; font-style: normal; float: left;} .post-footer .comment-link {float: right;} #main img {border: solid 1px #E3E4E4; padding: 2px; background: #fff;} .deleted-comment {font-style:italic;color:gray;} /* -- sidebar style -- */ @media all { #sidebar #description { border: solid 1px #F3B89D; padding: 10px 17px; color: #C4663B; background: #FFD1BC url(; font-size: 1.2em; font-weight: bold; line-height: 0.9; margin: 0 0 0 -6px; } } @media handheld { #sidebar #description { background: #FFD1BC; } } #sidebar h2 {font-size: 1.3em; margin: 1.3em 0 0.5em 0;} #sidebar dl {margin: 0 0 10px 0;} #sidebar ul {list-style: none; margin: 0; padding: 0;} #sidebar li {padding-bottom: 5px; line-height: 0.9;} #profile-container {color: #7B8186;} #profile-container img {border: solid 1px #7C78B5; padding: 4px 4px 8px 4px; margin: 0 10px 1em 0; float: left;} .archive-list {margin-bottom: 2em;} #powered-by {margin: 10px auto 20px auto;} /* -- sidebar style -- */ #footer p {margin: 0; padding: 12px 8px; font-size: 0.9em;} #footer hr {display: none;} /* Feeds ----------------------------------------------- */ #blogfeeds { } #postfeeds { }

Friday, May 28, 2010

Measuring Loss Due to a Cyber Attack

This topic may be a bit “heavy” for the Friday before a long holiday weekend. But, it struck me as something that we should all be thinking about and therefore here goes.

Cyber Attacks and security breaches or “Incidents” as we like to call them are becoming common place and therefore most Global 2000 organizations have teams of ESI security experts in place to attempt to “deal with” these issues and minimize the damage. And, no one is immune. As an example, Google was attacked last year in China ( and as a result has had to rethink some of its policies. Even military organization such as NATO are concerned (

However, how many organizations really understand the value of the losses it incurs due to these attacks?

Believe it or not, there are some standards that are emerging to track this. (Ok, this is where the heavy stuff starts that may be too much for the Friday before a holiday weekend) As an example, some organizations are using the the Annualized Loss Expectancy (ALE) model to try and understand how much Cyber Attacks are costing them. And, other models such as Lindstrom’s Razor are also starting to emerge. The issue with any of these models is what due your track and where does the data come from.

A May 24, 2010 Blog post by Rich on the Secrosis Blog titled “FireStarter: The Only Value/Loss Metric That Matters” offers some interesting insight into what you should track.

Rich basically contends that “The losses predicted by a risk model before an incident should equal, within a reasonable tolerance, those experienced after an incident”

The second part of the issue is getting the data to plug into whichever model of approach you decided to take. And, in most cases, very few organization have the ability to track and/or capture this information.

One of the newest member of the eDiscovery Solutions Group (eDSG) Consortium appears to begin to address this issue with a new Incident Management Platform called IncMan. IncMan enable users to actually apply very detailed costs estimates to “Incidents” which then enables them to roll up the global costs / overall impact of these incidents. Over the next couple of weeks, we plan to release additional information on IncMan and the company will be scheduling several Webinars to show the industry how all of this works.

IncMan may or may not have all of the answers. However, it appears to be headed in the right direction and certainly begins to address some of the issues of measuring loss due to Cyber Attacks.

The full text of Rich’s Blog post is as follows:

As some of you know, I've always been pretty critical of quantitative risk frameworks for information security, especially the Annualized Loss Expectancy (ALE) model taught in most of the infosec books. It isn't that I think quantitative is bad, or that qualitative is always materially better, but I'm not a fan of funny math.
Let's take ALE. The key to the model is that your annual predicted losses are the losses from a single event, times the annual rate of occurrence. This works well for some areas, such as shrinkage and laptop losses, but is worthless for most of information security. Why? Because we don't have any way to measure the value of information assets.

Oh, sure, there are plenty of models out there that fake their way through this, but I've never seen one that is consistent, accurate, and measurable. The closest we get is Lindstrom's Razor, which states that the value of an asset is at least as great as the cost of the defenses you place around it. (I consider that an implied or assumed value, which may bear no correlation to the real value).

I'm really only asking for one thing out of a valuation/loss model:
The losses predicted by a risk model before an incident should equal, within a reasonable tolerance, those experienced after an incident.

In other words, if you state that X asset has $Y value, when you experience a breach or incident involving X, you should experience $Y + (response costs) losses. I added, "within a reasonable tolerance" since I don't think we need complete accuracy, but we should at least be in the ballpark. You'll notice this also means we need a framework, process, and metrics to accurately measure losses after an incident.

If someone comes into my home and steals my TV, I know how much it costs to replace it. If they take a work of art, maybe there's an insurance value or similar investment/replacement cost (likely based on what I paid for it). If they steal all my family photos? Priceless -- since they are impossible to replace and I can't put a dollar sign on their personal value. What if they come in and make a copy of my TV, but don't steal it? Er... Umm... Ugh.

I don't think this is an unreasonable position, but I have yet to see a risk framework with a value/loss model that meets this basic requirement for information assets.

Labels: , ,

Monday, May 24, 2010

Litigators Need ESI Analytics – Not Boolean Search Tools

This morning as I was enjoying my Monday morning coffee and reviewing the latest “Blog postings and press releases” in eDiscovery, I came across an article highlighting a research study published by AIIM on March 29, 2010, titled, “Users Need Content Research Tools, Not Basic Search Tools” that indicated users are more interested in finding good content analysis tools as opposed to just search tool. It is interesting that this study was not specifically written about eDiscovery. However, I would suspect that if AIIM had polled just eDiscovery professionals that they would have gotten an even louder call (more than 70%) for good eDiscovery analytics.

eDiscovery technology vendors are making tremendous strides in regards to enabling users to conduct some analytics during the Early Case Assessment (ECA) phase and even during the Document Review phase of the EDRM. However, I contend that most searches that are done today are keyword searches based upon a list of keywords that were produced by outside counsel (probably Associates and paralegals) with little or nor real knowledge of the Electronically Stored Information (ESI).

This archaic and potentially dangerous practice is no doubt a huge step forward from sticky notes, yellow pads and Excel spreadsheets. However, with the advanced analytical tools that have been on the market for general business analysis for years, there is no excuse for eDiscovery professionals to not be using advanced analytic search technology such as conceptual search for eDiscovery.

I have written extensively about this topic on this Blog. Following are links to some of those posts:

Become eDiscovery Superheroes:

Concept Search vs. Keyword Search in eDiscovery:

The Fog is Lifting on Conceptual Search in eDiscovery:

Conceptual Search Case Law Emerging:

The New Generation of eDiscovery Search:
Web 3.0 in eDiscovery:

The full text of the AIIM article is as follows:

Silver Spring, MD – March 29, 2010 - According to a recent survey report by content management association AIIM, organizations could derive much higher business value from content analytics tools than from simple search-engines. Sophisticated content reporting across text documents and rich media file-types has created the opportunity to report and research across unstructured content, bringing the same capabilities of strategic insight and improved decision-making as Business Intelligence (BI) reporting brings to structured content.

Over 70% of respondents in AIIM’s survey would find advanced content analysis functions “Extremely useful” or “Very useful.” They rate their current ability to “research” content for business insight, or to monitor desirable or undesirable activity as 3 to 6 times less than their ability to simply “search” across different content types. Relatively new as a recognized toolset, content analytics tools provide trend analysis, content assessment, pattern recognition and exception detection. Applications include fraud detection in claims or loan applications, pattern detection in inspection reports, detecting unauthorized use of copyright material, analysis of healthcare records against other citizen databases, automatic redaction (blanking out) of sensitive information, and sentiment analysis in customer correspondence or social media sites.

According to Doug Miles, Director of AIIM research activities, “In much the same way that BI tools opened up structured corporate data in finance and ERP systems to give managers true insight into business operations, content analytics can leverage the investments in content management systems to measure subtle trends and sentiments in assessment reports, correspondence, emails, and social media sites. Meanwhile, analysis tools for rich media file types, such as video and audio, are providing much better management of these valuable assets, as well as improving the ability to detect fraud and crime.”

One particularly useful application of analytics is that of measuring the relevance and likely duplication of stored documents and records, with a view to reducing the size of content stores in order to save storage space, particularly during system migration or company merger activities. Only 15% of respondents had any automated tools for this kind of content assessment.

The AIIM report projects a considerable increase in spend on content analytics technologies over the next two years, as well as increases for Digital Asset Management (DAM) and enterprise search applications.

Based on over 500 responses, the AIIM research report is entitled “Content Analytics – research tools for unstructured content and rich media.” Part of the AIIM Industry Watch series, the full report is free to download from the AIIM website. It is underwritten by Allyis, IBM and Media Beacon.

About the research
The survey was taken by 527 individual members of the AIIM community between February 9th and February26th using a Web-based tool. Invitations to take the survey were sent via e-mail to a selection of the AIIM worldwide community members.

About AIIM
AIIM ( is the community that provides education, research, and best practices to help organizations find, control, and optimize their information. For over 60 years, AIIM has been the leading non-profit organization focused on helping users to understand the challenges associated with managing documents, content, records, and business processes. The AIIM community includes over 65,000 ECM users and professionals.

About Allyis
Allyis develops and supports technologies that help businesses operate, share information, and communicate more effectively. Whether developing an employee intranet to connect a dispersed workforce, designing a knowledge management strategy to surface talent and expertise, or providing content management support, Allyis leverages people and technology to make business more efficient and effective.

About IBM
As a content, process and compliance software market leader, IBM ECM delivers a broad set of mission-critical solutions that help solve today’s most difficult business challenges: managing unstructured content, optimizing business processes and helping satisfy complex compliance requirements. More than 13,000 global organizations and governments rely on IBM ECM to improve performance and remain competitive through innovation.

About MediaBeacon
MediaBeacon, Inc. is the leading provider of Digital Asset Management, Enterprise Search and secure role-based media distribution portals of digital content technology. With some of the largest DAM deployments known to date and hundreds of global enterprise customers, MediaBeacon is a proven leader in the industry. For more information, visit

Labels: , ,

Federal Judiciary Launches Enhanced Website

Considering that most beleive that the US Court System is still using green screen computers, Word Perfect and Dot Matrix printers, it is really nice to see that they are in fact moving into the era of Web 2.0 with a few enhancements to their website.

Accoring to a May 15, 2010 press release found on the US Courts Website, The Federal Judiciary’s website,, today unveils a host of enhancements.

The full text of the release is as follows:

The site has been redesigned to make it more attractive, accessible, and useful to its diverse audience of users. The improvements further the website’s mission of increasing public interest, awareness, and understanding of the federal court system and its functions, and to serve as a source for disseminating Federal Judiciary information to the public.

The website is a primary source of information on the structure, function, and operations of the federal courts. It plays an important role in how the Judiciary communicates to the public, with useful and timely information for students, news media, attorneys, academics, government officials, associations, and others – both in the United States and worldwide.

The new design reflects the input of a wide range of users who expressed their needs, preferences and interests during usability testing and focus groups.

Among the objectives of the redesign are a more dynamic website that can integrate emerging web technologies, such as RSS, podcasts, and multimedia.

Among the enhancements:

Email Delivery Service: Interested users can subscribe to email updates. When Judiciary news releases, Newsroom updates, notifications of new publications, emergency notifications and significant content updates are made, a notification is sent directly to the subscribers’ email addresses. Each subscriber can choose to receive alerts on topics of particular interest or alerts for all updates. Subscriptions are free, and can be canceled or updated at any time.

Multimedia – video, podcasts, photos, YouTube Channel: Videos have been available on for several years, with a focus on civic education and highlighting news. Recently, the focus was expanded to feature two informational video series – Bankruptcy Basics and Working for the Federal Judiciary. Photo slide shows have been added, to include and illustrate such topics as naturalization ceremonies, educational outreach programs, and Judiciary news.

The website will feature expanded use of multimedia, including a link to the Judiciary’s YouTube Channel,, which is a joint initiative of the Administrative Office of the U.S. Courts and the Federal Judicial Center.

Widgets: A widget is a portable chunk of computer programing code that can be embedded in a Web page to add dynamic content. For example, an organization could take a widget from and install it in their website homepage to receive continuous Federal Judiciary news updates directly.

Read-aloud service: Web text is read aloud for users who find it difficult to read online, a useful tool for those who have difficulty reading or are mildly visually impaired. This free program also allows users to download portable files from and listen to it later.

Labels: ,