When clients face cybersecurity challenges they need the right combination of experts to advise them, as cybersecurity risks are not exclusively a legal, business, or technical challenge. Risks can be created on corporate boards, in the C-Suite, within technical systems, or in the hands of end-users. Moreover, impacts can occur during a breach, or after a regulator reviews a case. And because cybersecurity risk and compliance are multi-disciplinary, advisors must capably address many specialized subjects at once to serve their clients well.
Reasonable Security is Now Defined
The Sedona Conference – an influential think tank that advises attorneys, regulators, and judges on challenging technical matters – just released its Commentary on a Reasonable Security Test. The Commentary is the first document of its kind that provides the legal community with a clear definition of a “reasonable” security control.
What is Reasonable Security for You or Your Client?
HALOCK Security Labs partners with attorneys and law firms to support clients for regulatory, strategic, and litigation matters using due care and reasonable person principles. HALOCK has pioneered an approach to risk analysis that aligns with regulatory standards for “reasonable” and “appropriate” safeguards and risk, and with the judicial “multifactor balancing tests” applied in data breach lawsuits. HALOCK has produced two emerging standards for cybersecurity risk management to promote this approach: the DoCRA Standard (Duty of Care Risk Analysis), maintained by the DoCRA Council, and CIS RAM (Risk Assessment Method), distributed by the prestigious Center for Internet Security.
By partnering with HALOCK, law firms expertly advise and represent their clients on legal, regulatory, and strategic matters while effortlessly demonstrating how clients’ complex technical decisions are defensibly reasonable. HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on duty of care, regulatory compliance, and reasonable information security throughout the US.
Reasonable Security Resources
In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs, try to define “reasonable data security” – a term that continually appears in every state’s privacy law or proposed legislation.
PODCAST: In Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on “reasonableness” as it relates to cybersecurity risk management.
RIMS: RiskWorld Recording: Reasonable Security & The Questions a Judge Will Ask You After a Data Breach. In post-data breach litigation, you must demonstrate due care and reasonable control. Learn what basic questions the court will ask and how the duty of care risk assessment (DoCRA)—based on judicial balancing tests and regulatory definitions of reasonable risk—helps you answer them.