Category Archives: Duty of Care Risk Assessment (DoCRA)
What is “Reasonable Data Security”?
In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs try and define “reasonable data security” – a term that continually appears in every states’ privacy law or proposed legislation. But what is “reasonable data security”? Today, there is no prescriptive definition for “reasonable data security”. Chris Cronin will share what he tells his clients and the best policies and procedures for staying compliant.
LISTEN TO THE PODCAST
‘Reasonable Security’ News and Headlines
A review of recent developments and news on ‘reasonable security’ and the impact on the cybersecurity industry. Stay updated to see how they could affect your organization.
Reasonable Security: Getting on the same page
As regulations and privacy laws require ‘reasonable security’, we are seeing more organizations focusing on their duty of care to all interested parties. We are finding more references to ‘reasonableness’ in breach litigation and security programs. The goal is to have all relevant teams involved in analyzing the appropriate risk for your unique business environment. It is a positive sign that there are increased efforts to incorporate all perspectives to mitigate risk and manage cyber threats – and finding a common language to do so. And more importantly, developing a security program holistically.
(more…)
CIS RAM v2.1 for Implementation Group 3 (IG3) Workshop
Join us today Tuesday, June 21, 2022 at 1:00 PM ET for the CIS RAM v2.1 workshop. HALOCK partner Chris Cronin will be presenting the latest release which includes Implementation Group 3 (IG3).
Reasonable Security in the News
Recent developments and news on ‘reasonable security’ Understand how these updates may impact your risk and security strategies.
Duty of Care
As cyber threats continue to advance, we are seeing more regulatory changes to help safeguard data. We are also seeing more litigation as victims of breaches try to recoup their losses. The key question that impacts both developments is “Did the breached organization practice Duty of Care?”
