Category Archives: Duty of Care Risk Assessment (DoCRA)

Organizations have a lot of data; more than we realize, and it continues to grow.

Each day, we create and store all this data in our systems then pack it up and save it somewhere – just to put it away, even temporarily… until it is needed. The challenge is how to easily manage, categorize, and locate specific information in your vast network. Imagine trying to locate your crying child’s favorite blanket you packed away in one of the hundreds of cardboard boxes for your move; you know you packed it, but you need to find it now. (more…)

We forecast cybersecurity events not to predict the future, but to change it. Regulators and litigators all hold us accountable for knowing foreseeable threats so we can avoid them. But what is foreseeable? (more…)

CMMC and CCPA are very different requirements that push security organizations in new directions. CMMC is specific and for the DoD supply chain. (more…)

Be Our Guest. The Fourth Annual Denver Cyber Security Summit goes virtual as it connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. (more…)

There has been a 273% increase in records exposed compared to last year. It makes sense that more organizations are pursuing cyber security insurance to minimize their cost impact. (more…)

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discusses DoCRA – Duty of Care Risk Analysis. (more…)

Thank goodness we have partners, suppliers, contractors, and third-party service providers to keep our businesses operating smoothly. But let’s make sure that your security postures are aligned – your partners serve as an extension of your business and it is your duty to ensure they are secure and in compliance with your standards as well as applicable laws and regulations. (more…)

Seeking input on proposed changes to the Gramm-Leach-Bliley Act’s Safeguards Rule, the Federal Trade Commission (FTC) conducted (more…)

The Federal Trade Commission (FTC)

has been vaguely requiring financial institutions to use “reasonable” security controls since 1999. That is about to change. (more…)

NetDiligence Cyber Risk Summit: What is Reasonable Cyber Security?

The panel provided an overview of the risk-based analysis process that substantiates the method, and presented the legal, regulatory, and security best-practice history that informs the method. Each participant presented why the method successfully substantiates the term “reasonable” in their work and provided anecdotes that illustrate how it has been used on their experience. (more…)