CIS RAM (Center for Internet Security® Risk Assessment Method) was developed by HALOCK Security Labs in partnership with CIS. HALOCK had been providing CIS RAM methods for several years with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. HALOCK and CIS collaborated to bring the methods to the public as CIS RAM in 2018. CIS is a founding member of the DoCRA Council that maintains the risk analysis standard that CIS RAM is built upon.
The Duty of Care Risk Analysis (DoCRA) standard provides a method to establish reasonable security and acceptable risk by balancing an organization’s mission, objectives, and obligations.
Photos from CIS at the CIS Controls 7 launch – 2018
![CIS Controls Launch](https://www.halock.com/wp-content/uploads/2019/12/CIS-CONTROLS-7-Launch-HALOCK-Chris-Cronin-1024x417.jpg)
![CIS RAM DoCRA Reasonable Security Chris Cronin HALOCK](https://www.halock.com/wp-content/uploads/2019/12/CIS-CONTROLS-7-Launch-HALOCK-Chris-Cronin-DoCRA-1024x625.jpg)
![CIS RAM DoCRA Reasonable Security Chris Cronin HALOCK](https://www.halock.com/wp-content/uploads/2019/12/CIS-LAUNCH-HALOCK-CHRIS-CRONIN-1024x644.jpg)
![Reasonable Security](https://www.halock.com/wp-content/uploads/2022/04/Reasonable-Security-CIS-DoCRA.jpg)
ESTIMATING RISK BY INDUSTRY
Estimate risk based on real threat data. Read Appendix D in the 2024 Verizon Data Breach Investigations Report (DBIR) to augment your risk analysis.