Chris Cronin
Chris Cronin is a partner at HALOCK Security Labs and Chair of the DoCRA Council. He is the principal author of the DoCRA Standard and CIS RAM, Center for Internet Security’s Risk Assessment Method. Chris’ clients include Fortune 100 companies, large and mid-sized organizations, start-ups, litigators, and regulators. Since 2010 Chris has helped his clients manage their information security risks to an evidence-based, reasonable level. Chris’ work as an expert witness has helped his clients, regulators, and litigators evaluate the reasonableness of security controls and programs during regulatory oversight or post-breach legal action. As a frequent speaker and cybersecurity writer, Chris contributes to helping professionals strengthen their security and risk programs. His most work, HALOCK and Reasonable Risk’s Annual 10-K Survey, offers insight and guidance on the SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule. He collaborates with peers in industry collaboratives and think tanks, including Sedona Conference, to help bring equity and due care to cybersecurity and risk management.
SPEAKING & PANELIST ENGAGEMENTS
CAMP IT Enterprise Risk: Techniques to Evolve Risk Governance | October 11, 2024
Cyber Risk Webinar: How Executives Make Informed Cyber Decisions | September 19, 2024
Cyber Executive Forum 2024: Framework for Cyber Risk Management | February 23, 2024
FutureCon Cybersecurity Conference Chicago: CISO Panel | January 25, 2024
Midwest Cyber Security Alliance (MCSA): Understanding the Impact of the SEC Cybersecurity Rules | October 2023
Compliance Week: Almost Everybody is Unprepared for SEC Cybersecurity Disclosures. But You Can Get Through This. | October 2023
SGS Certification Solutions: Meeting New Regulations Adopted by the SEC in 2023 | Thursday, September 28, 2023 2:00 PM Eastern Daylight Time
Archive360 Podcast: What is “Reasonable Data Security”?
MER Conference: Defining “Reasonable Security Measures” When it Comes to Data Protection | Wed May 11, 11:00 AM – 12:00 PM EDT / 10:00 AM – 11:00 AM CDT
Cleveland-Marshall College of Law – Cleveland State University: 2022 Cybersecurity and Privacy Protection Conference | May 19-20, 2022
Center for Internet Security, Inc. (CIS®) Podcast: Conceptualizing Reasonableness for Risk Analysis
RIMS 2022: The Questions a Judge Will Ask You After a Data Breach | April 11, 2022
Center for Internet Security, Inc. (CIS®): CIS Risk Assessment Method (RAM) v2.1 for Implementation Group 2 (IG2) Workshop | Tuesday, February 8, 2022 | 2:00 p.m. EST
Midwest Cyber Security Alliance (MCSA): You’re Expected to Know and Disclose the Foreseeable Cybersecurity Threats that Face Your Organization and Reasonably Defend Against Them: How Do You Do This? | Nov 16, 2021
The Center for Internet Security, Inc. (CIS®): CIS Risk Assessment Method (RAM) v2.0 Webinar | Nov 17, 2021
RSA Conference 2021: Forecasting Threats is Way Easier Than You Think | May 18, 2021
RSA Conference 2021: Your Breached Controls May Have Been Reasonable After All | May 19, 2021
RSA Conference 2021: Panel What Makes for Reasonable Measures and do they Defend Against Cyber Security Lawsuits? | May 19, 2021
National Foundation for Judicial Excellence (NFJE) 2020 Annual Judicial Symposium Law in the New Age: How Automation and Artificial Intelligence Will Change Judging in Substance and Procedure | Judging Efforts to Protect Personal Information: What Test Should Apply? | Oct. 15, 2020
Cyber Security Summit: Denver Threat Forecasting – Using Open Source Data to Foresee Your Next Breach | Sep 10, 2020
Cyber Security Summit: Chicago CMMC and CCPA. Using Duty of Care Risk to Comply With New Challenges | Sep 1, 2020
Cyber Risk Podcast Can DoCRA Duty of Care Risk Analysis tell you if your cybersecurity controls reasonable? | Aug 4, 2020
Federal Trade Commission Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule | July 13, 2020
NetDiligence Cyber Risk Summit 2020 What is Reasonable Cyber Security? | July 7, 2020
The Sedona Conference Online Meeting for Draft Commentary on Proactive Privacy and Data Security Governance | June 24, 2020
CyberNext Summit 2019 – KuppingerCole Analysts The Questions A Judge Asks You After a Data Breach | Gallery
CUNA (Credit Union National Association) Technology Council Conference The Questions a Judge Will Ask You After a Data Breach – A Panel Discussion
Cyber Security Summit: Chicago 2019 Reasonable Security in the Age of Risk | Gallery
ITAC: W3 The Cycle of Cybersecurity Integrating Cyberdefense into your Risk Decision-Making Process
Cleveland-Marshall’s Cybersecurity and Privacy Protection Conference Cyber Risk Management (or How to Comply with Everything)
Compliance Week Webinar The Questions A Judge Asks You After a Data Breach
NIST Cybersecurity Risk Management Conference 2018 Evaluating “Reasonable” Cyber Risk Using the Center for Internet Security Risk Assessment Method
CIS RAM ((Center for Internet Security Risk Assessment Method) Workshop Live & Webinar
Cyber Security Summit: Chicago 2018 CIS RAM: This Math will Save You
CIS Controls v7 Launch | Gallery