WHAT’S NEW
NEWS & UPDATES
What are my Legal Obligations when it comes to Cybersecurity?
PERSPECTIVE: A Cybersecurity Recap of 2018 and Peek into 2019
The Current State of Financial Services Data Breaches
HEALTHCARE: Overview of Healthcare Data Breaches and Risk
INSIGHTS
YOUR CHANGING THREAT POSTURE
There is an old proverb that generals and soldiers are always prepared to fight the last war. This has proved true on a number of occasions throughout history. Winston Churchill wrote in his biography, “It is a joke in Britain to say that the War Office is always preparing for the last war.” This last-war mentality can be traced to the days of Napoleon, who consistently beat opponents who tried fighting the “last war.”
The same can be said for cybersecurity.
INFORMATION SECURITY RESOURCES
THE QUESTIONS A JUDGE WILL ASK YOU AFTER A DATA BREACH
If you are breached and your case goes to litigation, you will likely be asked to demonstrate “due care” and that your controls were “reasonable.” Many are surprised to learn that a breach by itself does not constitute negligence in most cases. But judges will ask a set of questions that help them determine whether your controls were reasonable.
These questions bear a close resemblance to information security risk assessments; they both try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. This presentation will explain judicial balancing tests, how they relate to regulatory definitions of “reasonable” risk, and how to conduct risk assessments that prepare you to answer the tough questions before you are asked.
THE HALOCK EXPERIENCE.
PENETRATION TEST PROJECT PLAN
An overview of what you should expect, from scoping, planning and preparation through field work, results, and post-assessment.
METHODOLOGY
The approach for each step of the penetration test.
DELIVERABLES
A complete look at what our penetration testing provides, from the proposal for services to the project plan and penetration test report. The comprehensive report includes project schedule, stakeholder register, exploit walkthroughs, detailed findings, and more.
CASE STUDY
A retailer with e-commerce and physical store locations that required PCI DSS compliance.