The Center for Internet Security, Inc. (CIS®): Conceptualizing Reasonableness for Risk Analysis

The Center for Internet Security, Inc. (CIS^®): In episode 29 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on “reasonableness” as it relates to cybersecurity risk management. This topic isn’t just about proving to regulators, litigators, and others that security controls were in place prior to an incident. It also considers how to implement safeguards without overburdening users and executives.

ESTIMATING RISK BY INDUSTRY

Estimate risk based on real threat data. Read Appendix D in the 2024 Verizon Data Breach Investigations Report (DBIR) to augment your risk analysis.