On-Demand Webinars
Learning Sessions on Cybersecurity & Risk
Analysis and reviews on managing your data, compliance, and reasonable security. Visit this page regularly, as we post new sessions.
Almost Everybody is Unprepared for SEC Cybersecurity Disclosures. But You Can Get Through This.
Just how, exactly, are you going to describe your company’s cybersecurity strategy, governance, and risk management program in your 10-K? You need to know what governance is, right? And how that differs from strategy? And how cybersecurity risk management ties together executives’ roles, board director sign-off, and what a reasonable investor needs to know … right? Oh, and materiality, too. Got it.
For most companies, the cybersecurity sections of the 10-K will be hard to fill out, because U.S. companies generally don’t run cybersecurity through governance, strategy, or risk management programs. At least not in a way that could withstand review by inquiring analysts or investors.
Most public companies do, however, manage to provide demonstrable (and prudent) disclosures. So how will your 10-K cybersecurity disclosures be both accurate and not scare away reasonable investors?
In this presentation, Chris Cronin will help you understand what cybersecurity strategy, governance, and risk management are, and will show you how to use an emerging definition for reasonable cybersecurity controls to help you define materiality.
Your first 10-K will likely be a light touch among the many oddly written 10-Ks that other companies will file. But the preparation you do in 2024 for your second filing can put you ahead of your competitors.
Compliance Week: Five Deliverables Every Cybersecurity Team Needs to Survive, Thrive and Comply with the New SEC Cybersecurity Rule
Join this webinar to review tools and templates for the five deliverables to:
1. Ensure your security program is legally defensible and compliant with the new SEC Cybersecurity Rule, adopted July 26, 2023.
2. Define a “clear line of acceptable risk” below which you accept risks and above which you remediate.
3. Understand the “total risk” (i.e., your risk FICO score) to your organization.
4. Communicate risks and justify expenditure requests in business terms.
5. Provide the C-suite a roadmap for your program that reduces risk to an acceptable level (answering the C-suite question, “Are we where we need to be? If not, when will we get there?”).
PCI Webinar Series 4: How to do Targeted Risk Analysis using a Duty of Care Risk Analysis Method
In PCI DSS v4.0, every requirement whose periodic cadence the entity chooses must be justified with a targeted risk analysis. Also, if the customized approach is used to validate compliance with a requirement, a targeted risk analysis must be performed for that requirement. Join Viviana Wesley to learn how to conduct a targeted risk analysis using the duty of care risk analysis method, which is what litigators and regulators expect to see in a risk assessment.
PCI Webinar Series 3: A Deep Dive into the Future-Dated PCI DSS v4.0 Requirements That Are Due by March 2025
There are 51 new requirements that are considered best practices until March 31, 2025, after which they become mandatory. Some are process related and some will require technology or program changes.
Join Viviana Wesley for a deep dive into these requirements so your organization can start budgeting and planning for upcoming changes before these requirements become effective.
PCI Webinar Series 2: A Deep Dive into the New PCI DSS v4.0 Requirements That Apply Immediately
There are 14 new requirements that are effective immediately for any PCI DSS v4.0 validation. Join Viviana Wesley for a deep dive into these requirements so your organization can start working on them right away. View the recording to prepare for your transition to PCI DSS v4.0.
PCI Webinar Series 1: Preparing for Your Transition to PCI DSS v4.0
PCI DSS v3.2.1 is retired on March 31, 2024. Organizations should already be planning their transition to PCI DSS v4.0. With 64 new requirements in v4.0, companies have a lot to consider ahead of the deadline. In our PCI Webinar Series, learn about the general changes in 4.0, the new requirements, best practices, and how the increased focus on risk evaluation in this version will be a driving force for security and compliance. Join Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor and HALOCK Principal Consultant, for a review of the key updates and the next steps to support your transition to PCI DSS v4.0.
The Questions a Judge Will Ask You After a Data Breach
In post-data-breach litigation, you must demonstrate due care and reasonable controls. Learn the basic questions the court will ask and how Duty of Care Risk Analysis (DoCRA), which is based on judicial balancing tests and regulatory definitions of reasonable risk, helps you answer them. Identify risk assessment criteria that allow for comparison, reflect your organization’s values, and hold up to public scrutiny. See how you can use DoCRA to satisfy regulators’ requirements for a complete and thorough risk assessment following a data breach. Learn how to define “reasonable security.” PRESENTER: Chris Cronin, ISO 27001 Auditor | Board Chair, The DoCRA Council | Partner, HALOCK Security Labs
They Know You Can’t Get to 100% Compliance … and That’s Okay (HIPAA, CCPA/CPRA, GDPR, 23 NYCRR Part 500, CMMC, PCI, FISMA, FERPA)
Meeting old and new security requirements is about to change. For the first time, all requirements, even version 4.0 of the PCI DSS, are going to be driven by risk. What does that mean exactly? Each organization will need to decide what its definition of “acceptable risk” is, not only for the organization itself, but for its clients and business partners and for the general public. Anyone who could be harmed by your service or product, or by how you conduct business, needs to be considered in the risk equation.
To address these issues, we will revisit and update some familiar topics, including the concepts of “reasonable controls” and “acceptable risk.” These terms have permeated our security regulations and standards over the last decade, and have plagued organizations for just as long. Quite recently, regulators, judges, and security experts have converged on a common calculus for deciding whether an organization has reasonable controls. During this session, we will dissect the Sedona Conference’s proposed legal test for reasonable security, which holds that an additional safeguard is reasonable when its added burden is less than the reduction in expected harm it provides: B2 – B1 < (P × H)1 – (P × H)2, where B is the burden of a safeguard, P the probability of harm, H the magnitude of harm, and subscripts 1 and 2 denote the current and proposed safeguards.
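The following is an added worked example of that test, written for this page and not taken from the webinar or from the Sedona Conference commentary. It assumes the usual reading of the symbols (B = burden, i.e. the annualised cost of operating a safeguard; P = annual probability of harm with that safeguard in place; H = magnitude of the harm if it occurs; subscript 1 = current state, subscript 2 = proposed state) and uses constructed figures for a fictional organization. It evaluates several candidate safeguards against the same baseline, applies the inequality to each, and ranks them by net benefit, so that a safeguard which reduces expected harm but costs more than it saves is flagged as not required by the test.

```python
"""Worked example of the Sedona Conference reasonable-security test.

Added example, not code from the webinar. Symbol reading (assumed):
  B = burden (annualised cost) of a safeguard
  P = annual probability of harm with that safeguard in place
  H = magnitude of harm if it occurs
  subscript 1 = current safeguards, subscript 2 = proposed safeguards
The test: the proposed safeguard is reasonable if
  B2 - B1 < (P x H)1 - (P x H)2
i.e. the added burden is strictly less than the reduction in expected harm.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Option:
    """One state of the control environment (current or proposed)."""
    name: str
    burden: float        # B: annualised cost of running this set of safeguards
    probability: float   # P: annual probability of the harm occurring
    harm: float          # H: magnitude of the harm (same units as burden)

    def __post_init__(self) -> None:
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"{self.name}: probability must be in [0, 1]")
        if self.burden < 0 or self.harm < 0:
            raise ValueError(f"{self.name}: burden and harm must be non-negative")


def expected_harm(option: Option) -> float:
    """(P x H) for one state."""
    return option.probability * option.harm


def sedona_test(current: Option, proposed: Option) -> tuple[bool, float, float]:
    """Return (reasonable?, added burden B2 - B1, harm reduction (PxH)1 - (PxH)2).

    The inequality is strict: a safeguard whose cost exactly equals the harm it
    removes does not pass.
    """
    added_burden = proposed.burden - current.burden
    harm_reduction = expected_harm(current) - expected_harm(proposed)
    return added_burden < harm_reduction, added_burden, harm_reduction


def evaluate(current: Option, candidates: list[Option]) -> list[dict]:
    """Apply the test to every candidate and rank by net benefit (reduction - burden)."""
    rows = []
    for cand in candidates:
        passes, added_burden, harm_reduction = sedona_test(current, cand)
        rows.append({
            "name": cand.name,
            "added_burden": added_burden,
            "harm_reduction": harm_reduction,
            "net_benefit": harm_reduction - added_burden,
            "reasonable": passes,
        })
    return sorted(rows, key=lambda r: r["net_benefit"], reverse=True)


# Constructed sample figures for a fictional organization (not real data).
# Baseline: password-only remote access; one serious incident expected every 5 years.
SAMPLE_CURRENT = Option("baseline (current controls)", burden=0.0, probability=0.20, harm=2_000_000.0)
SAMPLE_CANDIDATES = [
    # Cheap, large reduction in likelihood.
    Option("MFA on all remote access", burden=50_000.0, probability=0.05, harm=2_000_000.0),
    # Very expensive; reduces likelihood a lot, but the cost exceeds the saving.
    Option("full re-platforming", burden=1_500_000.0, probability=0.01, harm=2_000_000.0),
    # Does not change likelihood, but shortens investigation and so reduces impact.
    Option("longer log retention", burden=20_000.0, probability=0.20, harm=1_800_000.0),
]


if __name__ == "__main__":
    for row in evaluate(SAMPLE_CURRENT, SAMPLE_CANDIDATES):
        verdict = "reasonable" if row["reasonable"] else "not required by the test"
        print(f"{row['name']:<28} added burden {row['added_burden']:>12,.0f}  "
              f"harm reduction {row['harm_reduction']:>12,.0f}  "
              f"net {row['net_benefit']:>13,.0f}  -> {verdict}")
```

Two things the ranking makes visible that the inequality alone does not: a safeguard can pass the test by reducing impact (H) rather than likelihood (P), and a safeguard that is highly effective can still fail it when its burden exceeds the expected harm it removes, which is exactly the argument a defendant needs when explaining why a control was not adopted.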
SPEAKERS:
Jennifer L. Urban, CIPP/US, Moderator; Partner, Foley & Lardner LLP
Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 Auditor; Senior Partner, HALOCK Security Labs
Data Privacy Hardship? Data Privacy Experts Field the Tough Questions
With evolving compliance requirements and the exponential growth of private data that must be managed, organizations are struggling to balance security, regulations, and business goals. How do you prioritize resources and budget? Most organizations do not know where their data lives and may not want to do the hard work of finding it. Or perhaps they simply don’t know how to start.
There is a path forward. Our panel of experts will share how they are achieving data privacy across the U.S. for big and small clients.
PANELISTS
Terry Kurzynski – Sr. Partner, HALOCK Security Labs; Board Member, The DoCRA Council
Jennifer L. Urban – CIPP/US, Partner, Foley & Lardner LLP
Aaron Stine – Sr. Product Manager, Spirion
Discussion topics include:
• The biggest challenges in the data privacy compliance process
• Best methodologies to understand, protect, and govern your data
• Balancing state-mandated compliance regulations
• Methods for minimizing and controlling personal data
Cyber Security Summit: Threat Forecasting Using Open Source Data to Foresee Your Next Breach
We forecast cybersecurity events not to predict the future, but to change it. Regulators and litigators hold us accountable for knowing foreseeable threats so that we can avoid them. But what is foreseeable? And how do we evaluate risks in light of what is foreseeable? This session demonstrates how open source information can help you prioritize your cybersecurity efforts, and how it can show that you were acting reasonably even if a breach does occur.
CMMC/CCPA: Using Duty of Care Risk Analysis to Comply With New Challenges
CMMC and CCPA are very different requirements that push security organizations in new directions. CMMC is specific and applies to the DoD supply chain. CCPA is generic and applies to any organization holding certain personal information. But both specific and generic security requirements are difficult to comply with. During this session we show how Duty of Care Risk Analysis can help you move from either generic or specific requirements to “reasonable” security controls that regulators will understand. View the presentation.
AHLA Thought Leader Perspectives – Adopting Duty of Care Risk Analysis (DoCRA) to Drive Governance, Risk, and Compliance (GRC) 2019
How much security is enough? Business decision-makers juggle countless variables and make risk decisions using “due care” and “reasonableness.” Understand how to apply duty of care to your specific organization.
HALOCK senior partner, Terry Kurzynski, and Jennifer L. Rathburn, partner from Foley & Lardner LLP present the challenging topic of balancing compliance, cyber security, and business objectives in the healthcare arena.
CIS RAM: This Math Will Save You – Cyber Security Summit Chicago
CIS® (Center for Internet Security, Inc.) released its first risk assessment method, the CIS Risk Assessment Method (CIS RAM). CIS RAM uses a simple equation, developed by the courts as their test of reasonableness, as the basis for your risk assessment. This method helps you define your acceptable level of risk in a way that creates consensus among executives, attorneys, and regulators.
Learn more about how to define reasonable security with Duty of Care Risk Analysis (DoCRA).
PCI DSS Updates & Changes: An Overview of Version 3.0
One-hour webinar explaining the updates in version 3.0 of the PCI DSS.