Category Archives: Duty of Care Risk Assessment (DoCRA)

2023 Cybersecurity Regulatory and Resources Calendar
Managing your security program is challenging, especially with compliance requirements evolving.
Here is a quick overview of the regulatory landscape for 2023. This reference links to each law or rule and includes resources to help you make informed decisions on the priorities, resources and technology you use to manage your risk.

Herff Jones: Graduation Purchases Lead to a Data Breach and a $4.35 Million Settlement
Herff Jones has been in business for over a century, selling graduation products such as caps and gowns, class rings and yearbooks to students and their parents to help mark their educational accomplishments. On May 12, 2021, the company posted a red banner at the top of its homepage that read “HERFF JONES CYBER SECURITY INCIDENT UPDATE.” The company was the victim of a data breach that occurred between August 1, 2020, and April 30, 2021. The attackers placed malware on the company’s servers that was then used to capture customer payment card information. The event resulted in litigation on behalf of thousands of students and parents from across the country.
Enterprise Risk Security Management: A Proven Methodology to Secure the Budget You Need
CAMP IT Enterprise Risk & Security Management Conference

What is “Reasonable Data Security”?
In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs, try to define “reasonable data security”, a term that appears in every state’s privacy law or proposed legislation. But what is “reasonable data security”? Today there is no prescriptive definition of the term. Chris Cronin shares what he tells his clients and the best policies and procedures for staying compliant.

‘Reasonable Security’ News and Headlines
A review of recent developments and news on ‘reasonable security’ and the impact on the cybersecurity industry. Stay updated to see how they could affect your organization.

Reasonable Security: Getting on the same page
As regulations and privacy laws require ‘reasonable security’, we are seeing more organizations focus on their duty of care to all interested parties, and we are finding more references to ‘reasonableness’ in breach litigation and in security programs. The goal is to have all relevant teams involved in analyzing the appropriate level of risk for your unique business environment. It is a positive sign that there are increased efforts to incorporate all perspectives when mitigating risk and managing cyber threats, to find a common language for doing so, and, more importantly, to develop a security program holistically.


CIS RAM v2.1 for Implementation Group 3 (IG3) Workshop
Join us today, Tuesday, June 21, 2022, at 1:00 PM ET for the CIS RAM v2.1 workshop. HALOCK partner Chris Cronin will be presenting the latest release, which includes Implementation Group 3 (IG3).