Considering Cyber Discovery? A Strategic Framework from HaystackID™

Developed based on the European Union Agency for Cybersecurity (ENISA) framework for artificial intelligence lifecycle stages and modified through the lens of the Electronic Discovery Reference Model (EDRM), the HaystackID Cyber Discovery Framework defines, depicts, and discusses a strategic framework that may be useful for understanding and applying the discipline of data and legal discovery in support of cybersecurity-centric challenges.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Content Assessment: Considering Cyber Discovery from Preparation to Response

Information - 95%
Insight - 95%
Relevance - 95%
Objectivity - 95%
Authority - 100%

96%

Excellent

A short percentage-based assessment of the qualitative benefit of the recent post highlighting elements of a cyber discovery frame as shared by HaystackID.

Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from data discovery and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

To submit recommendations for consideration and inclusion in ComplexDiscovery’s data and legal discovery-centric service, product, or research announcements, contact us today.

Cyber Discovery Overview

Background: Developed based on the European Union Agency for Cybersecurity (ENISA) framework for artificial intelligence lifecycle stages and modified through the lens of the Electronic Discovery Reference Model (EDRM), the HaystackID Cyber Discovery Framework defines, depicts, and discusses a strategic framework that may be useful for understanding and applying the discipline of data and legal discovery in support of cybersecurity-centric challenges.

Cyber, data, and legal discovery experts contributing to model design include:

  • Michael Sarlo, EnCE, CBE, CCLO, RCA, CCPA – Michael is the Chief Innovation Officer and President of Global Investigation Services for HaystackID.
  • John Brewer – As Chief Data Scientist, John serves as the Head of Advanced Technology Services for HaystackID.
  • Anya Korolyov, Esq. – As Director of Expert Solutions with HaystackID, Anya has 12 years of experience in eDiscovery with extensive expertise with complex matters ranging from Second Requests to cyber discovery.

A Strategic Cyber Discovery Framework from HaystackID™

Provided for your review and use is a non-comprehensive overview of definitions, depictions (graphical), and descriptions that may be helpful in considering the conduct of cyber discovery. The presented overview* represents a framework based on high-level artificial intelligence lifecycle stages as developed by the European Union Agency for Cybersecurity (ENISA)1 modified through the lens of traditional eDiscovery planning and practices grounded within the Electronic Discovery Reference Model (EDRM)2. The modification attempts to combine computer-centric artificial intelligence and machine learning models with data and legal discovery developed protocols and tools to provide a high-level generic reference model for considering cyber discovery stages and tasks.

Defining Cyber Discovery: Definitions, Depiction, and Discussion

In discussing the framing of cyber discovery stages and tasks within a generic reference model, it is first important to provide several definitions that may be helpful in understanding the relationships between cyber discovery, data discovery, and legal discovery.

Reference Definitions

Cyber Discovery: The application of a combination of data discovery and legal discovery approaches to enable the exploration of patterns, trends, and relationships within unstructured and structured data with the objective of uncovering insight and intelligence to proactively or reactively respond to cybersecurity-centric challenges.3

Data Discovery: The exploration of patterns and trends within unstructured data with the objective of uncovering insight.4

Legal Discovery (eDiscovery): The process of identifying, preserving, collecting, processing, searching, reviewing, and producing electronically stored information that may be relevant to a civil, criminal, or regulatory matter with the objective of uncovering intelligence.5

Insight: The understanding of cause and effect based on the identification of relationships and behaviors within a model, context, or scenario.6

Intelligence: The ability to acquire and apply knowledge and skills.7


2021.05.13-HaystackID-Cyber-Discovery-Flow-Chart

Reference Descriptions (Stages and Tasks)

Preparation: Initiation of the Cyber Discovery Process

  • Cyber Discovery Goals: Identifies the purpose of cyber discovery requirements. Links the purpose with the questions to be answered by the models, protocols, and tools to be used in the cyber discovery approach. Identifies model, protocol, and tool types based on the questions to be answered.
  • Data Collection and Ingestion: Identifies the input data to be collected and ingested and the corresponding context metadata. Organizes ingestion according to model and protocol requirements, importing data in a stream, batch, or multi-model fashion.
  • Data Exploration: Identifies the attributes of data collected and ingested as assessed for use with potential models and protocols. Considers data appropriateness for answering questions related to cyber discovery goals.
  • Data Processing: Converts, integrates, and normalizes ingested data to facilitate data use as part of selected models and protocols with required applications necessary for answering questions related to cyber discovery goals.

Planning: Model and Protocol Planning

  • Model and Protocol Planning ( AI+Experts): Identifies the data set dimensions based on preparation stage efforts and determines the most effective models, protocols, and tools to be selected, built, tested, trained, and tuned prior to cyber discovery.

Configuration: Selection, Building, Testing, and Training

  • Model and Protocol Selection and Building: Selection and building (customization) of the models, protocols, and tools most suitable for the identified cyber discovery goals.
  • Model and Protocol Testing and Training: Applies the selected models, protocols, and tools against a training set of appropriate data to validate selected cyber discovery approaches.

Tuning: Qualification and Evaluation

  • Model and Protocol Qualification: Applies the selected models, protocols, and tools against a validation set of appropriate data to qualify selected cyber discovery approaches.
  • Model and Protocol Evaluation: Applies the selected models, protocols, and tools against a validation set of appropriate data to evaluate selected cyber discovery approaches.

Discovery: Adaptation, Deployment, and Maintenance

  • Model and Protocol Adaptation (Adjustment): Leverages pre-trained and pre-tuned models, protocols, and tools to serve as the starting point for faster and more efficient achievement of cyber discovery goals as defined by cyber discovery objective questions.
  • Model and Protocol Deployment (Execution): Takes trained models, protocols, and tools and makes them available to data scientists, data providers, and data reviewers to answer questions defined in cyber discovery objective questions.
  • Model and Protocol Maintenance (Monitoring): Monitors models, protocols, and tools and their impact on the achievement of defined cyber discovery objectives.

Response: Cyber Discovery Understanding

  • Cyber Discovery Action: Assesses the value proposition of the deployed models, protocols, and tools. Estimates (before deployment) and verifies (after deployment) the achievement of insight and intelligence objectives that can answer defined cyber discovery goal questions and drive an appropriate business, legal, or regulatory response.

This non-all-inclusive reference model may be useful for visualizing one potential approach to cyber discovery. It may also be useful for framing discussions that dive deep into the conduct of specific cyber discovery actions ranging from proactive cybersecurity assessments to reactive post-data breach discovery and review efforts in support of incident responses.

References

1 European Union Agency for Cybersecurity, 2020. Artificial Intelligence Cybersecurity Challenges. [online] European Union Agency for Cybersecurity. Available at: https://digital-strategy.ec.europa.eu/en/library/report-artificial- intelligence-cybersecurity-challenges [Accessed 2 May 2021].

2 EDRM | Empowering the Global Leaders of eDiscovery. 2021. EDRM. [online] Available at: https://edrm.net/. [Accessed 2 May 2021]

3 Robinson, R., 2021. Considering Cyber Discovery? A Strategic Framework. [online] ComplexDiscovery. Available at: https://complexdiscovery.com/ [Accessed 2 May 2021].

4 All, A., 2014. Data Discovery Is Changing Business Intelligence. [online] Enterprise Apps Today. Available at: http:// www.enterpriseappstoday.com/business-intelligence/data-discovery-is-changing-business-intelligence.html [Accessed 2 May 2021].

5 Grossman, M. and Cormack, G., 2013. The Grossman-Cormack Glossary of Technology-Assisted Review. Federal Courts Law Review, [online] 7(1). Available at: https://www.fclr.org/fclr/articles/html/2010/grossman.pdf [Accessed 2 May 2021].

6 Wikipedia. 2021. Insight. [online] Available at: https://en.wikipedia.org/wiki/Insight [Accessed 2 May 2021].

7 In: Lexico (Oxford). 2021. Intelligence. [online] Available at: https://www.lexico.com/definition/intelligence [Accessed 2 May 2021].

*Modified and shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.

Learn More. Today.

Contact us today to learn more about how HaystackID can help solve specific and critical Cyber Discovery challenges with offerings to include our ReviewRight® Protect™ post-data breach discovery and review services. Learn more about ReviewRight Protect at https://haystackid. com/backgrounder-reviewright-protect/.

About HaystackID

HaystackID™ is a specialized eDiscovery services firm that helps corporations and law firms securely find, understand and learn from data when facing complex, data-intensive investigations and litigation. HaystackID mobilizes industry-leading computer forensics, eDiscovery, and attorney document review experts to serve more than 500 of the world’s leading corporations and law firms in North America and Europe. Serving nearly half of the Fortune 100, HaystackID is an alternative legal services provider that combines expertise and technical excellence with a culture of white-glove customer service. The company was recently named a worldwide leader in eDiscovery services by IDC MarketScape and was included as a representative provider in Gartner’s Market Guide for E-Discovery Solutions. For more information about its suite of services, including programs and solutions for unique legal enterprise needs, go to HaystackID.com.

Read the original post.

Additional Reading

Source: ComplexDiscovery

Interested in Contributing?

ComplexDiscovery regularly reports on key cyber, data, and legal discovery business spheres of interest ranging from market size and mergers to business confidence and vendor developments.

We do not offer ads on the website but like to support our work with voluntary contributions from those who enjoy and benefit from the research, news, and articles shared. Your support is greatly appreciated and will be directly used to support our publishing efforts for our dynamic community of cyber, data, and legal discovery professionals.

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights cyber, data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

[Legal Education Webcast] Breaches, Responses, and Challenges: Cybersecurity Essentials That Every Lawyer Should Know

Every large corporation and organization today face the significant threat of...

Classifying Ransomware? A Ransomware Classification Framework Based on File-Deletion and File-Encryption Attack Structures

This paper evaluates attack methodologies of a ransomware attack: the underlying...

Thwarting Architectural Imbalance? Considering Dynamic Distributed Secure Storage Against Ransomware

In this paper, the authors focus on ransomware, which is a...

Considering Ransomware Risk Management? A Cybersecurity Framework Profile from NIST

Ransomware is a type of malicious attack where attackers encrypt an...

Magnet Forensics Acquires DME Forensics

According to the announcement, under the terms of the agreement, Magnet...

Consilio to Acquire Legal Consulting and eDiscovery Business Units of Special Counsel from Adecco

According to Laurie Chamberlin, Head of Professional Recruitment and Solutions North...

Nuix Acquires Natural Language Processing Company

According to Nuix CEO Rod Vawdrey, “Topos will strengthen Nuix’s product...

UnitedLex Acquires BlackStone Discovery

According to John P. Kelly, CEO and founder of BlackStone Discovery,...

A New Era in eDiscovery? Framing Market Growth Through the Lens of Six Eras

There are many excellent resources for considering chronological and historiographical approaches...

An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Resetting the Baseline? eDiscovery Market Size Adjustments for 2020

An unanticipated pandemeconomic-driven retraction in eDiscovery spending during 2020 has resulted...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Five Great Reads on Cyber, Data, and Legal Discovery for August 2021

From the interplay of digital forensics in eDiscovery to collecting online...

Five Great Reads on Cyber, Data, and Legal Discovery for July 2021

From considerations for cyber insurance and malware to eDiscovery business confidence...

Five Great Reads on eDiscovery for June 2021

From remediating cyberattacks to eDiscovery pricing, the June 2021 edition of...

Five Great Reads on eDiscovery for May 2021

From cyber discovery and data breaches to business of law and...

More Keepers? Predictive Coding Technologies and Protocols Survey – Fall 2021 Results

From the most prevalent predictive coding platforms to the least commonly...

Glowing Expectations? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2021

In the summer of 2021, 63.3% of survey respondents felt that...

Issues Impacting eDiscovery Business Performance: A Summer 2021 Overview

In the summer of 2021, 24.4% of respondents viewed increasing types...

Looking Up? eDiscovery Operational Metrics in the Summer of 2021

In the summer of 2021, 80 eDiscovery Business Confidence Survey participants...