If you are breached and your case goes to litigation, you will likely be asked to demonstrate “due care” and that your controls were “reasonable.” Many are surprised to learn that a breach by itself does not constitute negligence in most cases. But judges will ask a set of questions that help them determine whether your controls were reasonable. (more…)
This two-hour workshop will demonstrate how to conduct a risk assessment – from beginning to end – using CIS’ new risk assessment method. A brief introduction to CIS RAM’s foundations will be followed by example walk-throughs of developing criteria for assessing and accepting risk, for evaluating current controls for risk acceptability, and for modeling safeguards that are demonstrably reasonable and appropriate. (more…)
SOC 2 Audit Changes. Most Americans are aware of April 15th, the traditional date for filing taxes in the U.S. If you are a privately owned technology service provider that manages and stores personal data, then there is another deadline that falls on the 15th that should concern you. Starting December 15, all companies that currently undergo SOC 2 examinations must comply with the new guidance and Trust Services Criteria that was established in the 2017 amendment. The changes are a result of mapping SOC 2 controls to the 17 principles of the widely adapted internal control framework created by the Committee of Sponsoring Organizations (COSO).
Four Chicago-area cybersecurity experts shared their thoughts with Crain’s Custom Media on this ever-changing landscape, including what organizations can do to keep their workplaces, employees and customers safe. Read the discussion.
NIST Cyber Security Risk Management Conference – Reasonable Risk. Our partner, Chris Cronin will be speaking with Phyllis Lee of the CIS (Center for Internet Security), and Paul Otto, of Hogan Lovells US LLP. (more…)
