They Know You Can’t Get to 100% Compliance … and That’s Okay (HIPAA, CCPA/CPRA, GDPR, 23 NYCRR Part 500, CMMC, PCI, FISMA, FERPA)
Meeting old and new security requirements is about to change. For the first time, all requirements, even version 4.0 of the PCI DSS, are going to be driven by risk. What does that mean exactly? Each organization will need to decide what its definition of “acceptable risk” is, not only for the organization, but for its clients and business partners as well as the general public. Those who could be harmed by your service or product, and in how you conduct business, need to be considered in the risk equation. To address these issues, the next Midwest Cyber Security Alliance virtual meeting will offer an update on some familiar topics including the concept of “reasonable controls” and “acceptable risk.” These terms have permeated our security regulations and standards over the last decade and have plagued organizations just as long — until today. Quite recently, regulators, judges, and security experts have all agreed to a common calculus to determine if an organization has reasonable controls. During this session, we will dissect the Sedona Conference’s new proposed legal test for reasonable security controls.
Data Privacy Hardship? Data Privacy Experts Field the Tough Questions
With evolving compliance requirements and the exponential growth of private data that must be managed, organizations are struggling to balance security, regulations, and corporate business goals. How do you prioritize resources and budget? Most organizations do not know where their data lives and may not want to do the hard work to find it. Or maybe that’s not it; perhaps they simply don’t know how to start. There is a path forward. Our panel of experts will share how they are achieving data privacy across the U.S. for big and small clients.
Cyber Security Summit Threat Forecasting Using Open Source Data to Foresee Your Next Breach
We forecast cybersecurity events not to predict the future, but to change it. Regulators and litigators all hold us accountable for knowing foreseeable threats so we can avoid them. But what is foreseeable? And how do we evaluate risks knowing what is foreseeable? This session will demonstrate how open source information can help you prioritize your cybersecurity efforts, and demonstrate that you were being reasonable even if a breach does occur.
CMMC/CCPA. Using Duty of Care Risk to Comply With New Challenges
CMMC and CCPA are very different requirements that push security organizations in new directions. CMMC is specific and for the DoD supply chain. CCPA is generic and for any organization with certain personal information. But both specific and generic security requirements are difficult to comply with. During this session we will show you how Duty of Care Risk Analysis can help you move from either generic or specific requirements to “reasonable” security controls that regulators will understand. View the presentation
AHLA Thought Leader Perspectives – Adopting Duty of Care Risk Analysis (DoCRA) to Drive Governance, Risk, and Compliance (GRC) 2019
How much security is enough? Business decision-makers juggle countless variables and make risk decisions using “due care” and “reasonableness.” Understand how to apply duty of care to your specific organization. HALOCK senior partner, Terry Kurzynski, and Jennifer L. Rathburn, partner from Foley & Lardner LLP present the challenging topic of balancing compliance, cyber security, and business objectives in the healthcare arena.
CIS RAM This Math will Save You – Cyber Security Summit Chicago
CIS RAM. CIS® (Center for Internet Security, Inc.) just released its first risk assessment method, CIS Risk Assessment Method (RAM). CIS RAM uses a simple equation developed by the courts as the basis for reasonableness in your risk assessment. This method helps you define your acceptable level of risk in a way that creates consensus among executives, attorneys, and regulators.
VIDEO: The Value of a Penetration Test
Why it is essential.
How to Comply with Everything
1 Hr. webinar on how risk management can help you comply with anything
1 Hr. webinar on Risk Management as a security requirement
Surviving the HIPAA Security Rule
1 Hr. webinar about the new HIPAA Security Omnibus rule.