Abstract
During a lawsuit, an organization is required to discover and produce relevant electronic data. In many cases, relevant data includes confidential data, such as personal information or trade secrets. During the course of a lawsuit, the discovered data may exchange many hands. This study analyzes data security threats and corresponding countermeasures within the e-Discovery process by constructing a misuse case diagram. The analysis revealed seven data security threats, the agents who may carry out such threats, and twelve countermeasures. Of the twelve countermeasures identified, two require advanced planning and investment, while the remaining ten are inexpensive procedural controls. Thus, organizations can significantly improve data security during e-Discovery at relatively low cost. Misuse case diagrams used for visual conceptualization of information security can be used as a means to brainstorm and communicate security risk and controls with stakeholders of an e-Discovery process.
Recommended Citation
Spears, Janine, "Conceptualizing Data Security Threats and Countermeasures in the E-Discovery Process with Misuse Cases" (2012). AMCIS 2012 Proceedings. 17.
https://aisel.aisnet.org/amcis2012/proceedings/ISSecurity/17
Conceptualizing Data Security Threats and Countermeasures in the E-Discovery Process with Misuse Cases
During a lawsuit, an organization is required to discover and produce relevant electronic data. In many cases, relevant data includes confidential data, such as personal information or trade secrets. During the course of a lawsuit, the discovered data may exchange many hands. This study analyzes data security threats and corresponding countermeasures within the e-Discovery process by constructing a misuse case diagram. The analysis revealed seven data security threats, the agents who may carry out such threats, and twelve countermeasures. Of the twelve countermeasures identified, two require advanced planning and investment, while the remaining ten are inexpensive procedural controls. Thus, organizations can significantly improve data security during e-Discovery at relatively low cost. Misuse case diagrams used for visual conceptualization of information security can be used as a means to brainstorm and communicate security risk and controls with stakeholders of an e-Discovery process.