Information security professionals face more than technical challenges in our work. We also face business, legal, and regulatory challenges. When we explain to executives, attorneys, and auditors why safeguards are appropriate even if they are not 100% applied, we should be able to describe that using their terms. CIS RAM helps organizations evaluate and design their use of the CIS Controls so they reduce technical risks in a way that management, regulators, and legal authorities understand. CIS RAM aligns with the "multi-factor" balancing tests used by judges and the "reasonable" standards embedded in regulations. Because reasonableness balances business interests with the public interest, executives can begin to speak the language of cybersecurity with more confidence.
CIS (Center for Internet Security) and HALOCK Security Labs have co-developed the CIS Risk Assessment Method (RAM) to help organizations justify investments for "reasonable" implementation of the CIS Controls. CIS RAM helps organizations define their acceptable level of risk, and to prioritize and implement the CIS Controls to manage their risk. CIS RAM is based on the Duty of Care Risk Analysis standard (DoCRA.org) and recognized by attorneys, regulators, and interested parties alike for its ability to demonstrate reasonable and appropriate implementation of controls.
Information security and risk professionals must satisfy many interested parties, each with vastly different concerns. Whether the audience is an executive, attorney, regulator, customer/supplier, or IT security professional, the DoCRA-based CIS RAM addresses the distinct challenges of each interested party.
Learn how you can implement the CIS Controls for your organization with just the right amount of security — not too much, not too little — striking a balance between keeping you safe and ensuring your organization can conduct business as usual.
CIS RAM is based on "duty of care" risk analysis which applies to any security standard or regulation.
Regardless of your industry, CIS RAM guides users toward compliance with, and balance among, regulatory requirements such as the HIPAA Security Rule, PCI DSS, Massachusetts 201 CMR 17.00, SOX Auditing Standard 5, and FISMA. CIS RAM conforms to ISO 27005 and NIST SP 800-30. Learn more about this risk assessment methodology with HALOCK and schedule a demonstration for your specific business needs.
Attend the webinar to learn more about CIS RAM.