Information Security

Safeguarding information’s confidentiality, integrity, and availability requires good management practices, thoroughly implemented security controls and measures, and a solid security organization.

Resources on Information Security


Closing the Protection Gap for Outside Counsel

To help law firms avoid data security breaches, the Association of Corporate Counsel has developed guidelines to help firms manage data, reduce threats and screen employees and contractors. Learn how to best embrace and implement these guidelines in the following infographic.

By James Cusick, Chief Security Officer & Director of IT Operations

7 Steps to Help Protect Your Business from a Data Breach

Many security breaches can be prevented by implementing and enforcing basic security best practices, such as running a firewall and securing your Wi-Fi network. Beyond those baseline measures, here are seven further steps you can take to reduce your risk of a data breach.

By CT Corporation Staff
 

Law Firms: Implementing the ACC Model

A commitment to key information security principles, such as those in the ACC Model Information Protection and Security Controls for Outside Counsel Possessing Company Confidential Information, and other frameworks like the GDPR and NYCRR, offers a variety of critical benefits. 

By James Cusick, Chief Security Officer & Director of IT Operations

CT’s Information Security Program

CT has implemented a comprehensive information security program to help ensure sensitive client and CT data is protected. CT monitors its practice in four key areas to keep up with rapidly changing security issues: business, process, people, and technology.

A Leading Standard for the Legal Profession

  • CT's information security policy applies to CT information, client information and other business assets, and to CT employees and sub-contractors working for CT.
  • The information security policy consists of a set of standards aligned with the ISO/IEC 27000 family. Each standard sets out the security rules, processes, roles and responsibilities for a particular information security area.
  • The security policy documents define the information and assets that CT needs to protect and the behavior expected of the people to whom the policy applies. The top-level policy covers the following topics:
    • Management statement of policy. 
    • Definition of information security, policy objectives, and scope. 
    • Summary of key policy elements.
    • Summary of information security management roles and responsibilities. 
    • References to supporting information security standards.

Access and Vulnerability Controls, Monitoring and Risk Assessment

  • CT's controls limit access to confidential information through safeguards including complex, regularly rotated passwords, authentication of users and a separation-of-duties model.
  • CT operates redundant (dual) infrastructure with no single point of failure, so that operations continue through unplanned events.
  • CT's data centers are SOC and ISO certified.
  • CT employs a multi-tier monitoring toolset for continuous network surveillance, including an intrusion detection system (IDS). Application performance monitoring tools alert on availability and performance anomalies. Together these tools help CT detect security incursions early and resolve them quickly should they occur.
  • CT conducts annual penetration testing and quarterly vulnerability scans, both carried out by an independent third party. Additionally, CT tests customer-facing software with both dynamic and static vulnerability scans prior to release.
  • CT undergoes annual SOC 1 Type 2 audits under SSAE 18 and makes the audit reports available to customers upon request.
  • CT maintains a multi-zoned security perimeter, with firewalls both at the external boundary and internally between secure zones.
     

Policies and Procedures

  • CT’s policies and standards cover a wide range of information and security areas, such as access control, human resources, governance, development, incident management, and threat management.
  • CT maintains these policies on an ongoing basis.
  • Executive awareness and staff training are key aspects of CT's information security program.
     

Data Handling, Retention and Destruction

  • Data transferred into and out of CT's data centers is encrypted in transit using TLS, including HTTPS (HTTP over TLS). Note that "SSL" names the deprecated predecessor of TLS: SSL 2.0 and SSL 3.0 are prohibited by RFC 6176 and RFC 7568 respectively, so an encrypted-transit claim rests on TLS, not SSL. These protocols are managed to ensure that data transmission remains encrypted. Additionally, Internet-facing applications supported by CT enable and require encrypted communications.
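As an added illustration (not CT's code or configuration), the following Python shows what "require encrypted communications" means in checkable terms. It builds a client TLS context that verifies certificates and refuses SSL and pre-1.2 TLS, and it checks a pair of responses (one to a plain-HTTP request, one to the HTTPS request) for a redirect to HTTPS and a Strict-Transport-Security header with an adequate max-age. The hostnames and responses are constructed for the example, not captured from any real server.

```python
import ssl
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Response:
    """Minimal stand-in for an HTTP response: status code plus headers."""
    status: int
    headers: dict = field(default_factory=dict)

    def header(self, name: str) -> Optional[str]:
        # HTTP header names are case-insensitive (RFC 9110), so match accordingly.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def hardened_client_context() -> ssl.SSLContext:
    """A client TLS context that verifies the server certificate and hostname
    and refuses SSL 2.0/3.0 and TLS 1.0/1.1 (all deprecated)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def parse_hsts_max_age(value: str) -> Optional[int]:
    """Extract max-age from a Strict-Transport-Security header, or None if absent/invalid."""
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(raw.strip().strip('"'))
            except ValueError:
                return None
    return None


ONE_YEAR = 365 * 24 * 3600  # common floor for HSTS max-age (browser preload lists require it)


def transport_findings(plain_http: Response, https: Response,
                       min_max_age: int = ONE_YEAR) -> list:
    """Policy violations for an endpoint that must *require* encryption, given the
    response to GET http://host/ and the response to GET https://host/."""
    findings = []

    # 1. Plain HTTP must not serve content; it must send the client to HTTPS.
    location = plain_http.header("Location") or ""
    if plain_http.status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("plain HTTP does not redirect to HTTPS")

    # 2. HTTPS responses must carry HSTS so browsers stop issuing plaintext requests at all.
    hsts = https.header("Strict-Transport-Security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security header")
    else:
        max_age = parse_hsts_max_age(hsts)
        if max_age is None or max_age < min_max_age:
            findings.append(f"HSTS max-age below {min_max_age}s: {hsts!r}")
    return findings


# Constructed sample responses for the example (hypothetical host, not a real endpoint).
GOOD_HTTP = Response(301, {"Location": "https://app.example.test/"})
GOOD_HTTPS = Response(200, {"strict-transport-security": "max-age=63072000; includeSubDomains"})
WEAK_HTTP = Response(200, {"Content-Type": "text/html"})                 # serves content over plaintext
WEAK_HTTPS = Response(200, {"Strict-Transport-Security": "max-age=300"})  # HSTS present but too short

if __name__ == "__main__":
    ctx = hardened_client_context()
    print("minimum TLS version:", ctx.minimum_version.name)
    print("compliant endpoint findings:", transport_findings(GOOD_HTTP, GOOD_HTTPS))
    print("weak endpoint findings:", transport_findings(WEAK_HTTP, WEAK_HTTPS))
```

The redirect check and the HSTS check are complementary: the redirect protects a first visit, while HSTS stops the browser from ever sending the plaintext request that an on-path attacker could intercept on later visits. In practice the `Response` objects would be populated from real requests made with the hardened context.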
     

Physical Security & Infrastructure Reliability

  • CT has implemented a wide variety of physical security measures at its information processing locations, including its hosted data center. We regularly review these physical safeguards for continued appropriateness.
  • CT employs private cloud infrastructure to optimize application performance, scalability, and availability.
  • CT's secure hosting facilities, data center, and operational processes are ISO 27001 certified.
     

System Administration and Network Security

  • CT approaches all development and security with a "design for security" mindset. All software developers are trained in secure development methods. Our proprietary secure software development lifecycle methodology helps safeguard CT's web applications from unauthorized access and other malicious activity.
  • CT's network design and operational model, policies, standards and development approach help enforce security at every step. CT's anti-virus practices keep protection on our servers and applications current and help defeat malicious code.
     

Talk to a Specialist

Have a specific question about a product? A CT Specialist will follow up with a custom quote along with a comprehensive assessment of your needs.