On-Demand Webinars

In version 4.0, all periodic cadence requirements must be justified with a targeted risk analysis. Also, if the customized approach is used to validate compliance with a requirement, a targeted risk analysis must be performed. Join Viviana Wesley to learn how to conduct a targeted risk analysis that use the duty of care risk analysis method, that litigators and regulators expect to see when doing risk assessments

There are 51 requirements that are best practices until March of 2025. Some will be process related and some will require technology or program changes. Join Viviana Wesley for a deep dive into these requirements so your organization can start budgeting and planning for upcoming changes before these requirements become effective.

There are 14 new requirements that are effective immediately for any PCI DSS 4.0 validation. Join Viviana Wesley for a deep dive into these requirements so your organization can start working on these right away. View the recording to prepare for your transition to PCI DSS v4.0.

PCI DSS v3.2.1 expires on March 31, 2024. Organizations should now be planning their transition to PCI DSS v4.0. With 64 new requirements in PCI DSS v4.0, companies have a lot to consider in preparation for the coming deadline. In our PCI Webinar Series, learn about the general changes to 4.0, new requirements, best practices, and how an increased focus on risk evaluations in this new version will be a driving force for security and compliance. View Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor and HALOCK Principal Consultant to review key updates and next steps to support your transition to PCI DSS v4.0.

In post-data breach litigation, you must demonstrate due care and reasonable control. Learn what basic questions the court will ask and how the duty of care risk assessment (DoCRA)—based on judicial balancing tests and regulatory definitions of reasonable risk—helps you answer them. Distinguish the risk assessment criteria that allow for comparison, reflect your organization’s values and hold up to public scrutiny. See how you can employ DoCRA to fulfill regulators’ requirements for a complete and thorough risk assessment following a data breach. Learn how to define 'reasonable security'. PRESENTER: Chris Cronin, ISO 27001 Auditor | Board Chair - The DoCRA Council | Partner - HALOCK Security Labs

Meeting old and new security requirements is about to change. For the first time, all requirements, even version 4.0 of the PCI DSS, are going to be driven by risk. What does that mean exactly? Each organization will need to decide what its definition of “acceptable risk” is, not only for the organization, but for its clients and business partners as well as the general public. Those who could be harmed by your service or product, and in how you conduct business, need to be considered in the risk equation. To address these issues, the next Midwest Cyber Security Alliance virtual meeting will offer an update on some familiar topics including the concept of “reasonable controls” and “acceptable risk.” These terms have permeated our security regulations and standards over the last decade and have plagued organizations just as long — until today. Quite recently, regulators, judges, and security experts have all agreed to a common calculus to determine if an organization has reasonable controls. During this session, we will dissect the Sedona Conference’s new proposed legal test for reasonable security controls.

With evolving compliance requirements and the exponential growth of private data that must be managed, organizations are struggling to balance security, regulations, and corporate business goals. How do you prioritize resources and budget? Most organizations do not know where their data lives and may not want to do the hard work to find it. Or maybe that’s not it; perhaps they simply don’t know how to start. There is a path forward. Our panel of experts will share how they are achieving data privacy across the U.S. for big and small clients.

We forecast cybersecurity events not to predict the future, but to change it. Regulators and litigators all hold us accountable for knowing foreseeable threats so we can avoid them. But what is foreseeable? And how do we evaluate risks knowing what is foreseeable? This session will demonstrate how open source information can help you prioritize your cybersecurity efforts, and demonstrate that you were being reasonable even if a breach does occur.

CMMC and CCPA are very different requirements that push security organizations in new directions. CMMC is specific and for the DoD supply chain. CCPA is generic and for any organization with certain personal information. But both specific and generic security requirements are difficult to comply with. During this session we will show you how Duty of Care Risk Analysis can help you move from either generic or specific requirements to “reasonable” security controls that regulators will understand. View the presentation

How much security is enough? Business decision-makers juggle countless variables and make risk decisions using “due care” and “reasonableness.” Understand how to apply duty of care to your specific organization. HALOCK senior partner, Terry Kurzynski, and Jennifer L. Rathburn, partner from Foley & Lardner LLP present the challenging topic of balancing compliance, cyber security, and business objectives in the healthcare arena.