Advisory & Strategic Planning

Cyber security risk evaluation for M&A matters, and to assist clients who are changing their business operations.

What Is a Cyber Security Plan?

Cyber security governance plans are critical components of any significant change in business operations — from mergers and acquisitions (M&A) to evolving service offerings and new corporate partnerships. These plans are designed to identify potential risks, implement key defenses and improve corporate response to emerging threats. They assess the small- and large-scale impacts of business change across the IT landscape. They’re also an essential element of any corporate effort to help achieve cyber security compliance and address evolving regulatory expectations.


Purpose-Driven Cyber Security Advisory

The changing nature of cyber security threats, initiatives and outcomes makes it possible for companies to spend significant time and resources deploying new solutions and still find themselves struggling to keep pace. Purpose-driven cyber security strategic planning and advisory services from HALOCK can help. We’ve refined our typical approach to cyber security planning guides by prioritizing reasonable and appropriate risk management to deliver the right amount of security — applied in the right way — to protect critical assets. Our experts can help your team develop a cyber security strategic plan that meets current needs and addresses ongoing challenges without compromising performance.


Example Engagement Advisory & Strategic Planning for a Pharmaceutical Manufacturer

A pharmaceutical was planning a significant change in their operations, but needed to understand the potential risks and liabilities they might have faced when they took on protected health information (PHI). HALOCK worked with the client’s external counsel to help evaluate the information security and compliance risks in the proposed environment. Using Duty of Care Risk Analysis (“DoCRA”) counsel and HALOCK analyzed the risks of the proposed new venture and developed a roadmap that was evidenced as a “reasonable and appropriate” end-state. By evaluating the inherent risks of the proposed venture, and by receiving recommended safeguards that were demonstrably less burdensome than the risks, the client was able move forward with due care for their customers, and in compliance to regulatory requirements.

Reasonable Security is Defined

The Sedona Conference – an influential think tank that advises attorneys, regulators, and judges on challenging technical matters – just released its Commentary on a Reasonable Security Test. The Commentary is the first document of its kind that provides the legal community with a clear definition of a “reasonable” security control.

HALOCK’s Chris Cronin was a co-author of Commentary on a Reasonable Security Test. Learn how to apply the test.