There is an old proverb that generals and soldiers are always prepared to fight the last war. This has proved true on a number of occasions throughout history. Winston Churchill wrote in his biography, “It is a joke in Britain to say that the War Office is always preparing for the last war.” This last-war mentality can be traced to the days of Napoleon, who consistently beat opponents who tried fighting the “last war.”
THE QUESTIONS A JUDGE WILL ASK YOU AFTER A DATA BREACH
If you are breached and your case goes to litigation, you will likely be asked to demonstrate “due care” and that your controls were “reasonable.” Many are surprised to learn that a breach by itself does not constitute negligence in most cases. But judges will ask a set of questions that help them determine whether your controls were reasonable.
These questions bear a close resemblance to information security risk assessments; they both try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. This presentation will explain judicial balancing tests, how they relate to regulatory definitions of “reasonable” risk, and how to conduct risk assessments that prepare you to answer the tough questions before you need to be asked.
THE HALOCK EXPERIENCE.
PENETRATION TEST PROJECT PLAN: An overview of what you should expect, from scoping, planning and preparation, and field work to results and post-assessment.
METHODOLOGY: The approach for each step of the penetration test.
DELIVERABLES: A complete look at what our penetration testing provides, from the proposal for services and project plan to the penetration test report. The comprehensive report includes project schedule, stakeholder register, exploit walkthroughs, detailed findings, and more.
CASE STUDY: A retailer with e-commerce and physical store locations that required PCI DSS compliance.