What Makes for Reasonable Measures and do they Defend Against Cyber Security Lawsuits?
May 21, 2021
At RSA Conference 2021, panelists debate the meaning of a very important word that may very well have an impact in data breach litigation
SPOT THE DIFFERENCE: Tony Kingham explains how x-ray technology can help with both security and duty of care
April 8, 2021
The Duty of Care Risk Analysis Standard (DoCRA) provides principles and practices for evaluating risk. It considers all parties that could be affected by those risks. DoCRA defines what reasonable risk is and then evaluates whether safeguards are appropriate for protecting others from harm while presenting a reasonable burden. It helps establish reasonable security based on an organisation’s specific mission, objectives, and obligations. Quite apart from the legal and moral imperative, there is a good business case for reasonable security measures.
Sedona Conference Just Leveled the Playing Field with Reasonable Security
March 4, 2021
The Sedona Conference Working Group 11 (WG11) has provided the definition for reasonable security. In February 2021, The Sedona Conference released its Commentary on a Reasonable Security Test to help the regulatory and litigation communities “move the law forward in a reasoned and just way.” We now have a test for reasonable security practices that brings together the traditions of regulators, litigators, and information security communities to balance burdens of safeguards against the risk of harm to ourselves and others.
CIS Risk Management Method (CIS RAM) overview
February 4, 2021
CIS RAM is an interesting method at many levels. It conforms to and supplements standards such as ISO 27005, NIST Special Publication 800-30, and RISK IT. It also bridges two different risk analysis methods: the well-known method found in U.S. regulations and InfoSec standards (Risk = impact + likelihood) and the less well-known “Calculus of Negligence” or “Learned Hand Rule”, and as such it incorporates principles and practices from Duty of Care Risk Analysis.
5 Cybersecurity Predictions for 2021
December 16, 2020
Finding a Test for Reasonable Security Practices: Embrace Complexity and Specifics
September 29, 2020
A working group of the Sedona Conference has proposed a solid answer to these questions. By its own description, the Sedona Conference is a nonpartisan, nonprofit research and educational institute dedicated to the advanced study of specific law and policy, including privacy and data security law. The Conference has just published a set of commentary on a reasonable security test. The paper is worth reading.
Spirion, a data protection and compliance company based in St. Petersburg, Fla., launched its Global Alliance Partner Program
September 22, 2020
Spirion, a data protection and compliance company based in St. Petersburg, Fla., launched its Global Alliance Partner Program for data security, which spans software developers, technology providers, systems integrators and solution providers. Partners will “extend the functionality” of Spirion’s Data Privacy Management Framework, according to the company. Solution provider members of the program include GuidePoint Security and HALOCK Security Labs, while technology partners include ContextSpace, Seclore and Tonic.
Spirion Unveils Global Alliance Partner Program
September 21, 2020
Establishes technology and solution provider partner ecosystem committed to strengthening personal data protection through best-in-class solutions. “Our collaboration with Spirion is one of HALOCK’s most strategic partnerships designed to address some of the most complex challenges related to data protection in large enterprise environments,” said Terry Kurzynski, HALOCK Security Labs Founding Partner. “Our alliance with Spirion extends our reach into understanding, controlling, and protecting what’s most important to our clients, their sensitive data.”
3 Templates for a Comprehensive Cybersecurity Risk Assessment
July 28, 2020
Based on the Duty of Care Risk Analysis (DoCRA) that many regulatory bodies rely on to ensure that organizations are delivering reasonable risk management practices to protect their customers and vendors, the CIS RAM aligns specifically with the CIS Controls and uses a simplified risk statement to benchmark the associated level of risk and determine a viable safeguard to mitigate it.
Federal Trade Commission Aims to Ramp Up the Cybersecurity Efforts of Financial Institutions
July 14, 2020
The Federal Trade Commission is seeking to ramp up mandated cybersecurity efforts for financial institutions by altering the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement and maintain a comprehensive information security program.
“People are not generally doing what we would consider risk assessments,” said Chris Cronin, a partner at HALOCK Security Labs. “Instead, they’ll have an auditor come in and run an audit.”
Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule
July 1, 2020
A New Perspective on Cyber Risk
April 21, 2020
In a post on Halock.com, auditor Chris Cronin writes that, as insurers try to model cyber risk and brokers try to get the right information from their clients, it may be better to focus on management behavior than on hacker tactics.
Using data from NetDiligence reports, Cronin breaks down costs of crisis services, legal defense, settlements, regulatory defense and fines between small/medium and large organizations.
HIPAA Risk Analysis 2.0: Duty of Care Risk Analysis
February 4, 2020
How to Create Smarter Risk Assessments
July 29, 2019
8 Vulnerabilities Penetration Testers Recommend You Address in 2019
February 7, 2019
Penetration testers are the frontline witnesses to cyber threats and vulnerabilities. They continue to see the same weaknesses and vulnerabilities within the enterprises they examine. Below is a list of recommendations to be aware of in the year ahead.
HALOCK Helps Define “Reasonable” Risk: The Questions a Judge Asks You after a Data Breach
February 5, 2019
Chicago Tribune – HALOCK Security Labs is conducting an informative webinar to help establish ‘reasonable’ risk cybersecurity controls, based on the Duty of Care Risk Analysis (DoCRA) standard.
CRAIN’S Cyber Security Roundtable: Protecting Data in An Era of Vulnerability featuring Chris Cronin
October 23, 2018
Insightful discussion with Chicagoland information security experts in Crain’s Roundtable.
Cyber Security Summit: Chicago CIS RAM & Duty of Care
August 30, 2018
A key method that was showcased at the event was the practice of ‘duty of care’. That is, businesses should assess their security controls to ensure that all parties are protected from potential harm.
HALOCK Security Labs Pledges to Support National Cybersecurity Awareness Month 2018 as a Champion
August 20, 2018
Security Magazine: Who in an Organization is Responsible for a Data Breach?
August 2, 2018
“While accountability starts with the CEO and corporate board, cyber security is a shared responsibility across every function and level of an organization.” – article in Security Magazine. Read more on how information security professionals must be aligned when it comes to security safeguards.