CIS RAM (Center for Internet Security® Risk Assessment Method) was developed by HALOCK Security Labs in partnership with CIS. HALOCK had been providing CIS RAM methods for several years with a positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. HALOCK and CIS collaborated to bring the methods to the public as CIS RAM in 2018. CIS is a founding member of the DoCRA Council that maintains the risk analysis standard that CIS RAM is built upon.
The Duty of Care Risk Analysis (DoCRA) standard provides a method to establish reasonable security and acceptable risk by balancing an organization’s mission, objectives, and obligations.
Photos from CIS at the CIS Controls 7 launch – 2018