For Attorneys & Legal

Defining Reasonable Security? HALOCK knows Duty of Care


When clients face cybersecurity challenges, they need the right combination of experts to advise them, as cybersecurity risks are not exclusively a legal, business, or technical challenge. Risks can be created on corporate boards, in the C-Suite, within technical systems, or in the hands of end-users. Moreover, impacts can occur during a breach, or after a regulator reviews a case. And because cybersecurity risk and compliance are multi-disciplinary, advisors must capably address many specialized subjects at once to serve their clients well.

UPDATE: The SEC’s new rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure require public companies to describe their cybersecurity programs in their periodic reporting and how they manage RISK.

Reasonable Security is Defined

The Sedona Conference – an influential think tank that advises attorneys, regulators, and judges on challenging technical matters – released its Commentary on a Reasonable Security Test. The Commentary is the first document of its kind that provides the legal community with a clear definition of a “reasonable” security control.

HALOCK’s Chris Cronin was a co-author of Commentary on a Reasonable Security Test. To learn how to apply the test, contact us.


What is Reasonable Security for You or Your Client?

HALOCK Security Labs partners with attorneys and law firms to support clients for regulatory, strategic, and litigation matters using due care and reasonable person principles. HALOCK has pioneered an approach to risk analysis that aligns with regulatory standards for “reasonable” and “appropriate” safeguards and risk, and judicial “multifactor balancing tests” in data breach lawsuits. HALOCK has produced two emerging standards for cybersecurity risk management to promote our approach: the DoCRA Standard (Duty of Care Risk Analysis) maintained by the DoCRA Council, and CIS RAM (Risk Assessment Method) distributed by the prestigious Center for Internet Security.

By partnering with HALOCK, law firms expertly advise and represent their clients on legal, regulatory, and strategic matters while effortlessly demonstrating how clients’ complex technical decisions are defensibly reasonable. HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on duty of care, regulatory compliance, and reasonable information security throughout the US.
