HALOCK Media
HALOCK News
Key Learnings from Early Disclosures Another survey conducted by cybersecurity consulting firm Halock Security Labs published in September 2024 reviewed thousands of 10-Ks filed since December 2023 and found that only 24 of the forms listed risk assessment methods. The report claims that (more...)
Companies may not be fully grasping—or explaining—how they handle cyber risk in their 10-K annual reports, leading some to unintentionally cast their attack defenses as stronger than they are. Such are the findings from cybersecurity consulting firm Halock Security Labs’ review of thousands of (more...)
Friday’s Supreme Court ruling “basically says that an omission in your S-K disclosures would be actionable only if it would have countered statements you did make. So, if you don’t feel like disclosing a risk, then also avoid making affirmative (more...)
ABOUT INSIDER: A brief Q&A synopsis from Health Care Law Today podcast featuring Foley Partner Jen Rathburn interviewing Terry Kurzynski, founder of HALOCK Security Labs. Jen has been practicing for almost 20 years in data privacy and security. Terry has (more...)
As regulations and privacy laws require ‘reasonable security’, we are seeing more organizations focusing on their duty of care to all interested parties. There are more references to ‘reasonableness’ in breach litigation, and inquiries in how company security programs are (more...)
Spirion, a data protection and compliance company based in St. Petersburg, Fla., launched its Global Alliance Partner Program, which spans software developers, technology providers, systems integrators and solution providers. Partners will "extend the functionality" of Spirion's Data Privacy Management Framework, (more...)
Cyber Security: A Peer-Reviewed Journal, Volume 3 / Number 4 Regulators, litigators and cyber security standards require that cyber security controls should be ‘reasonable’. But rarely do these authorities define what the word means. Lawyers and regulators have long stated (more...)
The Center for Internet Security, Inc. (CIS®): In episode 29 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion (more...)
“a) That risk assessments should evaluate the likelihood of magnitudes of harm that result from threats and errors, b) That risk assessments should explicitly estimate foreseeable harm to consumers as well as to the covered financial institutions, c) That risk (more...)
CIS RAM was developed by HALOCK Security Labs in partnership with CIS. HALOCK has used CIS RAM’s methods for several years with positive response from legal authorities, regulators, attorneys, business executives, and technical leaders. HALOCK and CIS collaborated to bring (more...)
Increasing need for risk management '... taking sufficient measures to secure the sensitive personal data of other people as state regulators are now starting to use a clear definition for reasonable, risk-based security in their injunctions. In terms of litigation, (more...)
The Center for Internet Security (CIS) recently released the CIS Risk Assessment Method (RAM) v2.0, an information security risk assessment method to help enterprises justify investments for reasonable implementation of the CIS Critical Security Controls (CIS Controls). CIS RAM was (more...)
Foley Partner Jen Rathburn sits down with Terry Kurzynski, founder of HALOCK Security Labs, on the Duty of Care Risk Analysis, especially as it pertains to health care.
CIS RAM is an interesting method at many levels. It conforms to and supplements standards like ISO 27005, NIST Special Publications 800–30, or RISK IT. It also bridges two different risk analysis methods: the well-known method found in U.S. regulations (more...)
In a post on Halock.com, auditor Chris Cronin writes that as insurers try to model cyber risk and brokers try to get the right information from their clients it may be better to focus on management behavior than on hacker (more...)
At RSA Conference 2021, panelists debate the meaning of a very important word that may very well have an impact in data breach litigation
The Sedona Conference Working Group 11 (WG11) has provided the definition for reasonable security. In February 2021, The Sedona Conference released its Commentary on a Reasonable Security Test to help the regulatory and litigation communities “move the law forward in a reasoned (more...)
TECHOPEDIA - Industry experts discuss cybersecurity predictions for 2021. These are what they identified as likely issues facing enterprises and the IT professionals that must protect them. Measuring Reasonable Security (Duty of Care), Ransomware, Cybersecurity Training & Awareness, Email Vulnerability, Endpoint (more...)
A working group of the Sedona Conference has proposed a solid answer to these questions. By its own description, the Sedona Conference is a nonpartisan, nonprofit research and educational institute dedicated to the advanced study of specific law and policy, (more...)
As the NetDiligence Virtual Summer Summit panel “What is Reasonable Cybersecurity?” proves, defining “reasonable” is not an easy task. Moderator Andy Maher (AXIS) led panelists Chris Cronin (HALOCK), Doug Meal (Orrick LLP), and Tim Murphy (Office of the Attorney General for (more...)
Spirion, a data protection and compliance company based in St. Petersburg, Fla., launched its Global Alliance Partner Program, for data security which spans software developers, technology providers, systems integrators and solution providers. Partners will "extend the functionality" of Spirion's Data (more...)
Establishes technology and solution provider partner ecosystem committed to strengthening personal data protection through best-in-class solutions. “Our collaboration with Spirion is one of HALOCK’s most strategic partnerships designed to address some of the most complex challenges related to data protection (more...)
Based on the Duty of Care Risk Analysis (DOCRA) that many regulatory bodies rely on to ensure that organizations are delivering reasonable risk management practices to protect their customers and vendors, the CIS RAM aligns with the CIS Controls specifically (more...)
The Federal Trade Commission is seeking to ramp up mandated cybersecurity efforts for financial institutions by altering the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement and maintain a comprehensive information security program. “People are not generally (more...)
The Federal Trade Commission (FTC) released the final agenda for a July 13, 2020 virtual workshop that will seek input on proposed changes to the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security (more...)
Regulators, litigators and cyber security standards require that cyber security controls should be ‘reasonable’. But rarely do these authorities define what the word means. Lawyers and regulators have long stated that reasonableness is a balance between protecting others from harm (more...)
"... tying in other risk measurements with cyber-risk makes good sense, if only to have everyone using similar models, methods, and/or lexicon for risk management... Perhaps best known among these are the NIST risk management resources, cited by many as (more...)
Penetration testers are the frontline witnesses on cyber threats and vulnerabilities. They continue to see the same weaknesses and vulnerabilities within the enterprises they examine. Below is a list of recommendations for you to be aware of in the year (more...)
Chicago Tribune - HALOCK Security Labs is conducting an informative webinar to help establish 'reasonable' risk cybersecurity controls, based on the Duty of Care Risk Analysis (DoCRA) standard. Do you know reasonable? Enhance your security strategy to address your changing (more...)
CHICAGO TRIBUNE - HALOCK Security Labs is conducting an informative webinar to help establish 'reasonable' cybersecurity controls, based on the Duty of Care Risk Analysis (DoCRA) standard. This event is hosted by Compliance Week at 2:00 p.m. EDT on Thursday, (more...)
CRAIN’S Cyber Security Roundtable: Protecting Data in An Era of Vulnerability featuring Chris Cronin
Insightful discussion with Chicagoland information security experts in Crain's Roundtable.
A key method that was showcased at the event was the practice of 'duty of care'. That is, businesses should assess their security controls to ensure that all parties are protected from potential harm.
HALOCK Security Labs today announced that it has become a Champion of National Cybersecurity Awareness Month (NCSAM) 2018. It will be joining a growing global effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals to promote (more...)
"While accountability starts with the CEO and corporate board, cyber security is a shared responsibility across every function and level of an organization." - article in Security Magazine. Read more on how information security professionals must be aligned when it (more...)
Schaumburg firm HALOCK celebrates over 20 years as an information security firm at the annual outing at Arlington Park. This year is quite special, as HALOCK co-developed with CIS® (Center for Internet Security), CIS RAM, an information security risk assessment method (more...)
The NetDiligence® CyberRisk Summit features leading experts in cyber security and cyber risk management participating in comprehensive panel discussions on hot topics, current issues and evolving trends in the cyber risk management industry. HALOCK partner Chris Cronin moderates an expert (more...)
It was the right thing to do My employer, HALOCK Security Labs, just gave away our highly valuable intellectual property. For years, we have been developing and improving a method for assessing cyber risk that acts as a universal translator (more...)
HALOCK investigated 63 U.S. mortgage lenders and found that over 45 (70%) permitted applicants to send personal and financial information over unencrypted email as email attachments. This information includes tax documents and W-2's. Eight out of the eleven top U.S. (more...)
In a recent study conducted by HALOCK Security Labs, a cyber security consulting firm based in Schaumburg, Ill., it was discovered that seven out of 10 mortgage companies allow information-sharing practices that put your personal and financial data at grave (more...)
CIS® recently released CIS RAM (Center for Internet Security Risk Assessment Method); CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls cybersecurity best practices. Developed by HALOCK (more...)
A panel including Greg Johnson, Vice President and Assistant General Auditor of the Federal Reserve Bank and Chris Cronin, a partner in HALOCK Security Labs discussed the CIS Controls V7. Learn more about the CIS Controls and risk assessment method, CIS (more...)
by Glenn A. Stout Ph.D., CISM, GSEC, PMP As families prepare to take to the beaches, resorts and other vacation spots all over the world, bad actors are also preparing their various attacks on the unsuspecting. Use this vacation checklist (more...)
The Women in Cybersecurity Conference (WiCyS) will be held in Chicago on March 23-24 and HALOCK is a proud sponsor of this important event. WiCyS is a community in which women in the cyber security field can engage, encourage and support one (more...)
Digital mortgages are improving the borrowing experience for consumers, but they may also complicate fraud risks stemming from the Equifax data breach.
New cost reductions make cloud options more compelling than ever but, in a twist, experts say cloud platforms can be more secure than managed data centers.
Ransomware is one of the most insidious and diabolical weapons in a hacker’s arsenal because it effectively locks you out of your entire network — until you pay the ransom, that is.
The following guide points out 10 of the most common myths organizations have when it comes to cyber security risk management and compliance, as well as the facts. Knowing the difference between the two may be critical for your company (more...)
Mortgages can be problematic and even unsafe in a number of ways. Learn what to look out for and how to reduce your risk.
As the number of reported data breaches and hacking continues to blitz U.S. companies — over 6 million records exposed already this year, according to the Identity Theft Resource Center — IT budgets are ballooning to combat what corporations see (more...)
Terry Kurzynski is the founder and Senior Partner of HALOCK Security Labs. With a background in cyber security, networking, application development, audit, project management and consulting, Terry has a unique skill set in providing strategic advice to clients. Terry has two related (more...)
The U.S. needs much more than the recent $14 billion cybersecurity budget increase to keep up with the bad guys.
Cyber Security risk assessments are important not only because they are required, but because they help to secure a balance between our concerns with what may go wrong and our ability to invest against those threats. But if we are (more...)
Businesses often fail to proactively manage new technology and lack the budgeting for an in-house incident response team to investigate and contain security incidents, said Terry Kurzynski, a senior partner at Halock Security Labs.
It seems likely colleges and universities could face a higher number of cyberattacks and data breaches, as security vulnerabilities and other challenges remain a problem, according to HALOCK Security Labs.
In a recent study conducted by HALOCK Security Labs, a cyber-security consulting firm based in Schaumburg, Ill., it was discovered that seven out of 10 mortgage companies allow information-sharing practices that put your personal and financial data at grave risk. (more...)
In 2013, HALOCK Security Labs noted information security vulnerabilities at colleges and universities along with numerous challenges that plague these institutions across the United States. More breaches may come to light if higher education institutions do not rethink their security (more...)
In this month's debate, we received a number of responses to our debate topic this month, which covers the NSA's attempts to crack encryption methods.
Over the past few weeks, we've seen news coming out of the Edward Snowden leaks that we've been able to either shrug off or become perturbed by, depending on the details of each leak. But this past week, new information (more...)
NEWARK, Del. — A cyber attack on a University of Delaware computer system by hackers exposed more than 72,000 people to identity theft and could cost the school millions of dollars — and the full extent of the cyber security breach (more...)
Colleges and universities are putting the financial and personal information of students and parents at risk by allowing them to submit such sensitive data to the school in unencrypted email. That was a finding in a survey released Monday by (more...)
Then there are those looking for news of problems to try to further exploit weaknesses. That makes it critical for the university to thoroughly vet its internal system, said Terry Kurzynski, a partner at Halock Security Labs.
HALOCK in the Press
CHICAGO, Sept. 17, 2024 /PRNewswire/ -- HALOCK Security Labs and sister company, Reasonable Risk, recently published a survey report revealing that language in the SEC's new cybersecurity requirements appears to be confusing executives at (more...)
HALOCK Security Labs was recently recognized for their contribution to the 2024 Verizon Data Breach Investigations Report (DBIR) having found a way to practically apply Verizon’s raw data for risk assessments.
NEW YORK, Sept. 06, 2023 (GLOBE NEWSWIRE) -- Panorays, a leading provider of third-party security risk management, has partnered with HALOCK Security Labs, a renowned risk management and cybersecurity consultancy, to introduce its joint Third-Party Supplier (more...)
The Sedona Conference Working Group 11 (WG11) has provided the definition for reasonable security. In February 2021, The Sedona Conference released its Commentary on a Reasonable Security Test to help the regulatory and litigation communities “move (more...)
Unique Solution Assists Privacy Attorneys in Finding Sensitive Data Efficiently HALOCK, an information security professional services firm in the Chicago area, has partnered with an industry-leading data protection vendor, Spirion, to provide (more...)
In a recent survey of over 1,500 information security professionals, over 60% indicated their cybersecurity department is underfunded.(1) This industry-wide issue of underfunding is occurring at a time where funding requirements are increasing, as (more...)
HALOCK Security Labs has announced its commitment to Data Privacy Day - an international effort held on Jan. 28 to create awareness about the importance of data privacy – as a Data Privacy Day (more...)
Defining Reasonable Security for Regulatory Requirements such as The SHIELD Act, CCPA, California’s Internet of Things (IoT) and more The DoCRA (Duty of Care Risk Analysis) Council, a not-for-profit (501(C)(3)) (more...)
HALOCK Security Labs is conducting an informative webinar to help establish 'reasonable' cybersecurity controls, based on the Duty of Care Risk Analysis (DoCRA) standard. This event is hosted by Compliance Week at 2:00 p.m. (more...)
Protecting Data in An Era of Vulnerability in Crain's Roundtable October is National Cybersecurity Awareness Month, a collaborative effort that began in 2004 involving the National Cybersecurity Alliance and the U.S. Department of Homeland (more...)
HALOCK Events
Date: June 11, 2024
The Verizon 2024 Data Breach Investigations Report (DBIR) is widely recognized across the cybersecurity industry for its comprehensive analysis of the global threat landscape, based on real-world data from actual security (more...)
On-Demand Webinars
Learn on Your Own Time