HALOCK’s services help outside counsel serve clients as a strategic advisor. Because our risk management services are based on definitions of duty of care, our clients are well-prepared to defend themselves against charges of negligence with strong evidence of due care. This helps clients directly reduce their risk of litigation and regulatory fines even after a breach.
Based on research conducted by NetDiligence® and others, litigation and regulatory costs generally exceed initial response costs, such as hiring response experts, forensics, investigation, recovery costs, and credit monitoring services. Because HALOCK’s risk management services implement due care oversight by definition, our clients have been able to easily defend their safeguards as reasonable both during regulatory audits and during post-breach investigations. Outside counsel plays an important advisory role in these engagements. Because our clients want certainty that their evaluation, prioritization, and acceptance of risk are sound, they look to specialized counsel to advise them during multi-year risk management programs, recurring risk assessments, and implementation of security programs.
HALOCK enables our attorney partners to directly discuss Duty of Care Risk Analysis with their clients using a simple DoCRA Gap Assessment. The assessment, a non-technical questionnaire, introduces clients to concepts of due care in their cybersecurity practice. Through the Q&A format of the gap assessment interview, attorneys introduce their clients to management oversight, evaluation of the internal and external impact of foreseeable attacks, and the balanced burden of alternative safeguards. Client responses lead to discussions about services that the attorney’s firm and HALOCK can provide to demonstrate due care before regulatory oversight actions or a data breach occur. Law firms that wish to partner with HALOCK may work with us directly on regulatory, litigation, or strategic matters, or may choose to undergo training and introduce their clients to DoCRA through the gap assessment.
Reasonable Security is Now Defined
The Sedona Conference – an influential think tank that advises attorneys, regulators, and judges on challenging technical matters – just released its Commentary on a Reasonable Security Test. The Commentary is the first document of its kind that provides the legal community with a clear definition of a “reasonable” security control.
Reasonable Security Resources
In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs, try to define “reasonable data security” – a term that continually appears in every state’s privacy law or proposed legislation.
PODCAST: Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on “reasonableness” as it relates to cybersecurity risk management.
RIMS: RiskWorld Recording: Reasonable Security & The Questions a Judge Will Ask You After a Data Breach. In post-data breach litigation, you must demonstrate due care and reasonable control. Learn what basic questions the court will ask and how the duty of care risk assessment (DoCRA)—based on judicial balancing tests and regulatory definitions of reasonable risk—helps you answer them.
HALOCK is headquartered in Schaumburg, IL, in the Chicago area, and advises clients throughout the US on reasonable information security strategies, third-party risk management, risk assessments, penetration testing, security management and architecture reviews, HIPAA, privacy, and PCI compliance, and incident response and forensics.