Past Speaking Events & Presentations

HALOCK information security presentations at industry conferences and events.

2019

(ISC)² Security Congress: The Questions a Judge Will Ask You After a Data Breach – What is “reasonable” security? October 30, 2019

SPEAKERS: Terry Kurzynski, DoCRA Council and Aaron DeMaster, Rexnord

If you are breached and your case goes to litigation, you will be asked to demonstrate “due care.” This is the language judges use to describe “reasonable.” Organizations must use safeguards to ensure that risk is reasonable to the organization and appropriate to other interested parties at the time of the breach. This presentation references case law, regulatory oversight and the Center for Internet Security Risk Assessment Method (CIS RAM), with a discussion on the future implications of this approach toward defining reasonableness. CIS RAM is based on the Duty of Care Risk Analysis standard (DoCRA.org) and is recognized by attorneys, regulators and interested parties for its ability to demonstrate reasonable implementation of controls.

Learning Objectives:
• Define risk assessment criteria so they allow for comparison, reflect the organization’s values and will hold up to public scrutiny.
• Model and select threats that are relevant to information assets and controls.
• Estimate the likelihood of risks.

Institute of Real Estate Management (IREM) Cybersecurity Webinar: Safekeeping Your Online Accounts – How to stop hackers from taking your money and information | October 22, 2019

Speaker: Glenn Stout

Security professionals get asked all of the time “What are the top things that I should be doing right now to keep my online accounts safe?” There are many “attack paths” that bad actors take to attempt to get to your money. Knowing what these attacks are – and what to do to protect your online accounts is the answer to the question asked above. This session will cover how the attacks are planned and carried out, and the keys to protect your accounts and data. Some topics include the concepts of phishing, spear-phishing, call fraud, scareware, extortion and the ways to protect against them, such as password approach, protecting email, devices and social media accounts.

After attending this session, participants will be able to:
• Understand the various attack paths that bad actors take to get to user accounts.
• What users generally do wrong that helps the bad actors win.
• Be aware of the key things to do to protect online accounts.

CAMP IT Leadership Strategies – How to Secure the Budget You Truly Need by Translating Technology Costs to Business Value | October 17, 2019

Speaker: Jim Mirochnik | Strategies and techniques for leading and guiding IT through a business approach during dynamic times.

Health Management Academy – Risk Analysis 2.0, Health Care Data Security in the Age of Risk October 17, 2019

SPEAKERS: Terry Kurzynski and Jen Rathburn

Discussion of HIPAA’s risk analysis and risk mitigation plan requirements
• How risk assessment frameworks are evolving, including the Duty of Care Analysis (DoCRA)
• How duty of care risk analysis builds consensus from the board room to the court room
• How best to prepare and respond to regulatory investigations and plaintiffs’ lawsuits
• How IT and Compliance can be enablers of the organization’s mission

CISO of the Year Award Breakfast October 15, 2019

This award has been established to publicly recognize top senior information security leaders through nominations, judges and support from within the local community. The award will be presented on October 15th at a Breakfast Ceremony at the Metropolitan Club of Chicago.

CyberNext Summit 2019 – KuppingerCole Analysts October 8-10, 2019

Speaker: Chris Cronin

Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) summit will focus on the capabilities needed to achieve security in such a distributed environment, especially in the context of ever-increasing security threats.
The Questions a Judge Will Ask You After a Data Breach

The Sedona Conference Working Group 11 Midyear Meeting 2019 September 18, 2019

Panelist: Chris Cronin | A panel of Data Security and Privacy Liability – Working Group 11 (WG11) members led a dialogue with WG11 members at the 2019 midyear meeting – Proactive privacy and security governance: Complying with global data privacy and security regulations

CUNA Technology Council Conference: The Questions a Judge Will Ask You After a Data Breach – A Panel Discussion  September 13, 2019 

PANELISTS: Jacqueline Connor, Attorney, Federal Trade Commission, Washington, DC  |  Chris Cronin, Principal, HALOCK Security Labs, Schaumburg, IL  |  Bill Podborny, CISO, Alliant CU, Chicago, IL 

Federal regulators, including NCUA, increasingly urge organizations to use risk analysis to determine whether security controls are reasonable. However, regulators are restrained from describing how risk analysis should work. During this session we will show how organizations can use Duty of Care Risk Analysis (DoCRA) to demonstrate whether security controls and risks are reasonable, and to do so in a way that supports management objectives, regulatory requirements, and information security disciplines.

Cyber Security Summit Chicago  August 27, 2019 

SPEAKER: Chris Cronin  The fourth annual Chicago Cyber Security Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. 

PRESENTATION: If you are breached and your case goes to litigation, you will likely be asked to demonstrate “due care” and that your controls were “reasonable.” Many are surprised to learn that a breach by itself often does not constitute negligence. Judges will ask a set of questions to determine whether your controls were reasonable. These questions bear a close resemblance to information security risk assessments; they both try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. This presentation will explain judicial balancing tests, how they relate to regulatory definitions of “reasonable” risk, and how to conduct risk assessments that prepare you to answer the tough questions before you need to be asked. Request a copy of the presentation.

MIDWEST CYBER SECURITY ALLIANCE (MCSA) The California Consumer Privacy Act (CCPA): Applicability, Requirements, and Practical Tips on Compliance September 12, 2019

SPEAKER: Terry Kurzynski

The California Consumer Privacy Act (CCPA) will be effective January 1, 2020, and enforced beginning six months later. Despite the quickly approaching effective date, there are still a number of pending legislative bills seeking to amend CCPA. This has created immense uncertainty for companies trying to bring their business into compliance with CCPA. We address the following types of questions to ensure attendees leave the presentation understanding whether CCPA applies to their business and, if so, the steps they should take to comply: Does CCPA apply to my business? How does CCPA affect our collection, use, and disclosure of personal information? What rights do individuals have under CCPA with regard to their personal information? What are the “reasonable security procedures and practices appropriate to the nature of the information” required by CCPA to protect personal information? What are the status of the various proposed amendments to CCPA? What are the potential penalties and risks of noncompliance, including private rights of action and the likelihood of class action lawsuits?

4th & Final 2019 Chicago CISO of the Year Social Mixer, Aug. 20, 2019

2019 EXPO.Health Conference: The Questions a Regulator Will Ask You After a Data Breach, Aug. 2, 2019

SPEAKER: Chris Cronin

The 2019 EXPO.health conference is focused on 5 main topic areas which are of interest to health IT professionals at hospitals, health systems, and ambulatory organizations – Security and Privacy, Analytics, Communication and Patient Engagement, IT Dev Ops, Operational Alignment and Support. HALOCK partner and the DoCRA Council Chair, Chris Cronin, will be speaking at the event. The Questions a Regulator Will Ask You After a Data Breach If you are breached and are visited by regulators, they will ask you to demonstrate that your safeguards were reasonable. Their questions resemble information security risk assessments. Regulators try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. In this session we will show you how to conduct your risk assessments so you are ready to answer these tough questions.

3rd 2019 Chicago CISO of the Year Social Mixer, July 23, 2019


ITAC: W3 The Cycle of Cybersecurity: Integrating Cyberdefense Into Your Risk Decision-Making Process, July 18, 2019

SPEAKER: Chris Cronin

ITAC is the premier event for IT audit executives and those tasked with ensuring that businesses are governing data in a secure and responsible way, while addressing risks related to information technology. ITAC is produced by MIS Training Institute (MISTI), the international leader in audit, IT audit and information security training, with offices in Boston and London. MISTI’s expertise draws on experience gained in training more than 200,000 delegates across five continents.


2nd CISO of the Year Mixer, June 18, 2019

IREM WEBINAR – Cyber Security: How to Secure Your Devices and Data, July 16, 2019

SPEAKER: Glenn Stout, Ph.D., CISSP, CISM, GSEC, PMP

American Health Lawyers Association (AHLA) Webinar: Duty of Care Risk Analysis (DoCRA) “Adopting Duty of Care Risk Analysis to Drive GRC” June 5, 2019

SPEAKERS: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR, Senior Partner; Board Member on The DoCRA Council and Jennifer L. Rathburn, Partner at Foley & Lardner LLP

Techno Security & Digital Forensics Conference – The Questions a Judge Will Ask You After a Data Breach. June 3, 2019

SPEAKER: Tod Ferran, CISSP, QSA, ISO 27001

Cleveland-Marshall’s Cybersecurity and Privacy Protection Conference 2019. May 30, 2019

PANELIST: Chris Cronin, ISO 27001 Auditor

CAMP IT: Enterprise Risk / Security Management. Know Where Your Next Attack is Coming From. Attack prediction and resource prioritization using community-sourced data May 30, 2019

SPEAKERS: Todd Becker, PCI QSA, ISO 27001; Steve Lawn, CIPP

1st CISO of the Year Mixer, May 21, 2019

Institute of Real Estate Management (IREM) Cybersecurity Webinar: Phishing, Smishing and Whaling – Oh My! May 7, 2019

SPEAKER: Glenn Stout, Ph.D., CISSP, CISM, GSEC, PMP

CAMP IT – Data Breaches: Defending Against and Responding To.
Third Party Assessment Prioritization: “Vendor Tiering and Due Diligence Levels” May 2, 2019

SPEAKER: Ken Squires, CISSP, HCISPP, CISA, CRISC, ISO 27001 AUDITOR

Compliance Week Webinar: The Questions a Judge Will Ask You After a Data Breach Webcast. March 21, 2019

SPEAKER: Chris Cronin, ISO 27001 Auditor

RSA: Author! Author! Happy Hour. March 6, 2019 Experts Todd Fitzgerald, author of CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, and Chris Cronin, principal author of CIS RAM, the CIS® (Center for Internet Security) Risk Assessment Method.

2018

CIS® (Center for Internet Security) – CIS RAM Workshop Dec. 10, 2018 SPEAKER: Chris Cronin, ISO 27001 Auditor

Midwest Cyber Security Alliance – How to Develop and Maintain an Effective Security Awareness Training Program  Dec. 5, 2018 SPEAKER: Glenn Stout, Ph.D., CISSP, CISM, GSEC, PMP

NIST Cybersecurity Risk Management Conference – Evaluating “Reasonable” Cyber Risk Using the Center for Internet Security Risk Assessment Method Nov. 9, 2019

SPEAKER: Chris Cronin, ISO 27001 Auditor

The Center for Internet Security Risk Assessment Method (CIS RAM) provides detailed and practical guidance that builds on NIST 800-30, and is consistent with regulatory and legal expectations for establishing “reasonable” and “appropriate” risk. The proposed panel discussion will feature the authors of CIS RAM who will present the method, its basis in security frameworks and law, and case studies that illustrate its use in legal and non-legal contexts.

Louisiana Hospital Association Webinar – Acceptable Security Risk and Negligence: It’s a Fine Line Nov. 7, 2018 SPEAKER: Tod Ferran, CISSP, QSA, ISO 27001

UW E-Business Consortium: Information Technology Peer Group Meeting – DoCRA Oct. 18, 2018 SPEAKER: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

CAMP IT: Enterprise Risk / Security Management –
The Industry Risk Assessment Dilemma and the Solution Oct. 3, 2018 SPEAKER: Jim Mirochnik, MBA, PMP, QSA, ISO 27001

Midwest Cyber Security Alliance – Duty of Care Risk Analysis (DoCRA) and CIS RAM Sept. 19, 2018 SPEAKER: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

Forrester Privacy & Security 2018 Sept. 25, 2018

SecureXII – 12th Annual ISSA and ISACA Chicago Chapters Security Conference June 12, 2018

CISO Executive Summit June 6, 2018

Cyber Security Summit: Chicago – CIS RAM: This Math Will Save You Aug. 29, 2018 SPEAKER: Chris Cronin, ISO 27001 Auditor

CIS RAM (Risk Assessment Method) Launch Event April 30, 2018 SPEAKER: Chris Cronin, ISO 27001 Auditor