Events

When: October 6, 2020 - October 6, 2020

Where: Virtual

Description: When an interested party comes knocking after a breach, are you prepared to show your security program was reasonable and appropriate? The recently published Duty of Care Risk Analysis standard and related methods are now available for organizations to leverage. Terry Kurzynski, Senior Partner from HALOCK Labs, contributing author of the Center for Internet Security’s Risk Assessment Method (CIS RAM) and founding Board Member of the DoCRA Council (Duty of Care Risk Analysis), will present the facts on how to prepare your organization for scrutiny from any and all interested parties. Until recently the definition of “Reasonable Controls” and “Acceptable Risk” has been vague and left up to the security and risk practitioners in each organization. Most decisions are made ad hoc leaving the organizations open to fines and class action lawsuits related to an incident. In all breach/incident cases there is always a control or configuration that could have prevented the breach. The regulator, judge, or other interested party wants to understand; “why you did not have that particular control or configuration in place?” Having the calculus to demonstrate your understanding of the foreseeable harm that could come to you and others (outside of the organization) and how you were planning on addressing the reduction of impact or probability is what the interested parties want to see. Are you performing your duty?

When: October 15, 2020 - October 15, 2020

Where: WebEx

Description: The BDO Alliance USA Business Resource Network (BRN) Client Focused Conversations (CFC). Speaker: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR.

When: October 15, 2020 - October 15, 2020

Where: Virtual

Description: In LabMD, Inc. v. Federal Trade Commission, the United States Court of Appeals for the Eleventh Circuit vacated the FTC’s order that LabMD implement the FTC-designed security program on grounds it required an “indeterminable standard of reasonableness.” The panel will discuss LabMD, Inc. and the most promising standard that has emerged in the wake of it—one based upon a duty-of-care risk analysis. Such an approach has been adopted by the Center for Internet Security, and it has been used by Pennsylvania’s OAG in a settlement with Expedia. It is also the subject of an important, current study by the Sedona Conference; and two members from the Sedona Conference will be part of the panel. Chris Cronin, Halock Security Labs, Schaumburg, IL William R. Sampson, Shook Hardy & Bacon LLP, Kansas City, MO