Advisory & Strategic Planning

Cyber security risk evaluation for M&A matters and for clients who are changing their business operations.

What Is a Cyber Security Plan?

Cyber security governance plans are critical components of any significant change in business operations — from mergers and acquisitions (M&A) to evolving service offerings and new corporate partnerships.

These plans are designed to identify potential risks, implement key defenses and improve corporate response to emerging threats. They assess the small- and large-scale impacts of business change across the IT landscape. They’re also an essential element of any corporate effort to help achieve cyber security compliance and address evolving regulatory expectations.

Purpose-Driven Cyber Security Advisory

The changing nature of cyber security threats, initiatives and outcomes makes it possible for companies to spend significant time and resources deploying new solutions and still find themselves struggling to keep pace.

Purpose-driven cyber security strategic planning and advisory services from HALOCK can help. We’ve refined our typical approach to cyber security planning guides by prioritizing reasonable and appropriate risk management to deliver the right amount of security — applied in the right way — to protect critical assets.

Our experts can help your team develop a cyber security strategic plan that meets current needs and addresses ongoing challenges without compromising performance.

Example Engagement: Advisory & Strategic Planning for a Pharmaceutical Manufacturer

A pharmaceutical manufacturer was planning a significant change in its operations, but needed to understand the potential risks and liabilities it might face when it took on protected health information (PHI).

HALOCK worked with the client’s external counsel to help evaluate the information security and compliance risks in the proposed environment.

Using Duty of Care Risk Analysis (“DoCRA”), counsel and HALOCK analyzed the risks of the proposed new venture and developed a roadmap that was evidenced as a “reasonable and appropriate” end-state. By evaluating the inherent risks of the proposed venture, and by receiving recommended safeguards that were demonstrably less burdensome than the risks, the client was able to move forward with due care for their customers, and in compliance with regulatory requirements.



Reasonable Security is Now Defined

The Sedona Conference – an influential think tank that advises attorneys, regulators, and judges on challenging technical matters – just released its Commentary on a Reasonable Security Test. The Commentary is the first document of its kind that provides the legal community with a clear definition of a “reasonable” security control.

HALOCK’s Chris Cronin was a co-author of Commentary on a Reasonable Security Test. Learn how to apply the test.


Reasonable Security Resources

In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs, try to define “reasonable data security” – a term that continually appears in every state’s privacy law or proposed legislation.

PODCAST: In Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on “reasonableness” as it relates to cybersecurity risk management.

RIMS: RiskWorld Recording: Reasonable Security & The Questions a Judge Will Ask You After a Data Breach. In post-data breach litigation, you must demonstrate due care and reasonable control. Learn what basic questions the court will ask and how the duty of care risk assessment (DoCRA)—based on judicial balancing tests and regulatory definitions of reasonable risk—helps you answer them.

RSA CONFERENCE 2022: A Proven Methodology to Secure the Budget You Need in a Transforming World  |  Recording of Presentation