Past Cyber Security Speaking Events & Presentations

HALOCK cyber security presentations at industry conferences and events.

2021


2021 NAPCP Commercial Card and Payment Conference

May 10-28, 2021

Using Pandemic Lessons and Risk Assessments to Prepare for PCI DSS 4.0

HALOCK will provide real examples of how scope reduction technologies have helped organizations manage their risk more easily through a pandemic. HALOCK will also explain the anticipated risk-based approach that is coming with PCI DSS 4.0 and how organizations can prepare for the new standard (and many new requirements) by strengthening their risk processes now.

  • Learn how easy some organizations’ remote and on-premise working transitions have been because of Point-to-Point Encryption (P2PE) technology and why.
  • Learn how PCI DSS version 4, to be published in 2021, will introduce a risk-based approach to validating compliance.
  • Learn how to do risk analysis in a way that regulators expect.

SPEAKER:
Viviana Wesley, Principal Consultant – CISM, PCI QSA, ISO 27001 Auditor


SecureWorld Webinar: Privacy Compliance Hardship?

April 13, 2021

Data Privacy Experts Field the Tough Questions

With evolving compliance requirements and the exponential growth of private data that must be managed, organizations are struggling to balance security, regulations, and corporate business goals. How do you prioritize resources and budget? Most organizations do not know where their data lives and may not want to do the hard work to find it. Or maybe that’s not it; perhaps they simply don’t know how to start.

There is a path forward. Our panel of experts will share how they are achieving data privacy across the U.S. for big and small clients.

Discussion topics include:

•  The biggest challenges in the data privacy compliance process
•  Best methodologies to understand, protect, and govern your data
•  Balancing state-mandated compliance regulations
•  Methods for minimizing and controlling personal data

SPEAKERS:
Jennifer L. Urban, CIPP/US – Moderator, Partner – Foley & Lardner LLP
Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 Auditor, Senior Partner – HALOCK Security Labs


MIDWEST CYBER SECURITY ALLIANCE (MCSA)

February 18, 2021

They Know You Can’t Get to 100% Compliance … and That’s Okay (HIPAA, CCPA/CPRA, GDPR, 23 NYCRR Part 500, CMMC, PCI, FISMA, FERPA)

Meeting old and new security requirements is about to change. For the first time, all requirements, even version 4.0 of the PCI DSS, are going to be driven by risk. What does that mean exactly? Each organization will need to decide what its definition of “acceptable risk” is, not only for the organization, but for its clients and business partners as well as the general public. Those who could be harmed by your service or product, and in how you conduct business, need to be considered in the risk equation.

To address these issues, the next Midwest Cyber Security Alliance virtual meeting will offer an update on some familiar topics including the concept of “reasonable controls” and “acceptable risk.” These terms have permeated our security regulations and standards over the last decade and have plagued organizations just as long — until today. Quite recently, regulators, judges, and security experts have all agreed to a common calculus to determine if an organization has reasonable controls. During this session, we will dissect the Sedona Conference’s new proposed legal test for reasonable security controls based on $B_2 - B_1 < (P \times H)_1 - (P \times H)_2$.

Understanding and leveraging the legal definition of “reasonable” will certainly have its advantages — please join Foley and HALOCK Security Labs on Thursday, February 18, 2021, for a discussion on what it is and how it can be applied to your organization.

SPEAKERS:
Jennifer L. Urban, CIPP/US – Moderator, Partner – Foley & Lardner LLP
Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 Auditor, Senior Partner – HALOCK Security Labs

2020


National Foundation for Judicial Excellence (NFJE) 2020 Annual Judicial Symposium

October 15, 2020

Judging Efforts to Protect Personal Information:
What Test Should Apply?

In LabMD, Inc. v. Federal Trade Commission, the United States Court of Appeals for the Eleventh Circuit vacated the FTC’s order that LabMD implement the FTC-designed security program on grounds it required an “indeterminable standard of reasonableness.” The panel will discuss LabMD, Inc. and the most promising standard that has emerged in the wake of it—one based upon a duty-of-care risk analysis. Such an approach has been adopted by the Center for Internet Security, and it has been used by Pennsylvania’s OAG in a settlement with Expedia. It is also the subject of an important, current study by the Sedona Conference; and two members from the Sedona Conference will be part of the panel.

Chris Cronin, Halock Security Labs, Schaumburg, IL
William R. Sampson, Shook Hardy & Bacon LLP, Kansas City, MO


BDO Alliance USA BRN

Oct. 15, 2020

Managing Cyber Risk with the Remote Workforce

The BDO Alliance USA Business Resource Network (BRN) Client Focused Conversations (CFC).

Speaker: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR.


InfraGard Wisconsin’s SuperCon 2020

Oct. 6, 2020

Getting to Reasonable – What regulators and judges want to see from every organization

Speaker: Terry Kurzynski, Senior Partner at HALOCK

When an interested party comes knocking after a breach, are you prepared to show your security program was reasonable and appropriate? The recently published Duty of Care Risk Analysis standard and related methods are now available for organizations to leverage. Terry Kurzynski, Senior Partner from HALOCK Labs, contributing author of the Center for Internet Security’s Risk Assessment Method (CIS RAM) and founding Board Member of the DoCRA Council (Duty of Care Risk Analysis), will present the facts on how to prepare your organization for scrutiny from any and all interested parties. Until recently the definition of “Reasonable Controls” and “Acceptable Risk” has been vague and left up to the security and risk practitioners in each organization. Most decisions are made ad hoc, leaving the organizations open to fines and class action lawsuits related to an incident. In all breach/incident cases there is always a control or configuration that could have prevented the breach. The regulator, judge, or other interested party wants to understand: “Why did you not have that particular control or configuration in place?” Having the calculus to demonstrate your understanding of the foreseeable harm that could come to you and others (outside of the organization) and how you were planning on addressing the reduction of impact or probability is what the interested parties want to see. Are you performing your duty?


Cyber Security Summit: Denver

Sept. 10, 2020

Threat Forecasting: Using Open Source Data to Foresee Your Next Breach

Speaker: Chris Cronin, Partner at HALOCK

We forecast cybersecurity events not to predict the future, but to change it. Regulators and litigators all hold us accountable for knowing foreseeable threats so we can avoid them. But what is foreseeable? And how do we evaluate risks knowing what is foreseeable? This session will demonstrate how open source information can help you prioritize your cybersecurity efforts, and demonstrate that you were being reasonable even if a breach does occur.


Cyber Security Summit: Chicago

Sept 1, 2020

CMMC/CCPA. Using Duty of Care Risk to Comply With New Challenges

Speaker: Chris Cronin, Partner at HALOCK

CMMC and CCPA are very different requirements that push security organizations in new directions. CMMC is specific and for the DoD supply chain. CCPA is generic and for any organization with certain personal information. But both specific and generic security requirements are difficult to comply with. During this session we will show you how Duty of Care Risk Analysis can help you move from either generic or specific requirements to “reasonable” security controls that regulators will understand.


Can DoCRA (Duty of Care Risk Analysis) tell you if your cybersecurity controls are reasonable? – Podcast

Aug 4, 2020

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and CyberSecurity Practice Lead at Focal Law Group, discuss DoCRA – Duty of Care Risk Analysis. It’s an approach that helps organizations figure out whether their cybersecurity controls are reasonable. And we’ll do that with the help of our guest, Chris Cronin.


Infragard: Duty of Care Risk Analysis, defining “Reasonable Security”

Aug. 26, 2020

What is “reasonable” security? If you are breached and your case goes to litigation, you will be asked to demonstrate “due care.” This is the language judges use to describe “reasonable.” Organizations must use safeguards to ensure that risk is reasonable to the organization and appropriate to other interested parties at the time of the breach. This presentation references case law, regulatory oversight and the Center for Internet Security Risk Assessment Method (CIS RAM), with a discussion on the future implications of this approach toward defining reasonableness. CIS RAM is based on the Duty of Care Risk Analysis standard (DoCRA.org) and is recognized by attorneys, regulators and interested parties for its ability to demonstrate reasonable implementation of controls.

SPEAKER: Terry Kurzynski


Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule

July 13, 2020

The FTC offered an online workshop concerning all of its proposed changes on Monday, July 13 at 9:00 EDT. The event was webcast live on the FTC’s website and can be viewed by anyone who wishes to attend. One of the panelists was HALOCK partner Chris Cronin, who was involved in the discussion. Some of you may be familiar with Chris’s work with DoCRA, Center for Internet Security’s risk assessment method (CIS RAM), and through his many public speaking engagements and publications. Chris also serves the Sedona Conference, a legal think tank that develops guidance for regulators and litigators for interpreting and applying complex legal questions, such as the reasonableness of cybersecurity controls.

PANELIST: Chris Cronin


NetDiligence: What is Reasonable Cyber Security?

July 7, 2020

The panel provided an overview of the risk-based analysis process that substantiates the method, and presented the legal, regulatory, and security best-practice history that informs the method. Each participant presented why the method successfully substantiates the term “reasonable” in their work and provided anecdotes that illustrate how it has been used in their experience. The panel described a practical method that organizations can use for defining how the term “reasonable” applies to them. All attendees received an immediately applicable and tangible benefit from the session.

PANELIST: Chris Cronin


Online Meeting on The Sedona Conference Draft Commentary on Proactive Privacy and Data Security Governance

June 24, 2020, 1:00pm EDT

A panel of WG11 drafting team members will discuss their June 2020 draft Commentary, which is designed to assist organizations in creating a privacy and data security program that takes into account the ever-increasing number of privacy and data security laws around the world, including data localization laws. The draft Commentary is intended to be applied to all privacy and data security programs, no matter the size or type of an organization.

As the online meeting will focus on in-progress work product of WG11, only Working Group Series (WGS) members are permitted to attend. The online meeting is scheduled for 90 minutes, during which time you may make comments or ask questions of the panel via live chat. We aim to replicate as closely as possible a typical dialogue between dialogue leaders and attendees at an in-person Working Group Meeting. The drafting team members welcome your feedback as the draft nears publication for public comment.

PANELIST: Chris Cronin


RSA Conference 2020:

Securing the Budget You Need! Translating Security Risks to Business Value. February 28, 2020

SPEAKERS: Jim Mirochnik

InfoSec speaks the language of risks and costs, while Business speaks the language of rewards and revenue. The lack of a common language leads to InfoSec struggling to secure the budgets they truly need. This session demonstrates, using case studies, how the invention of Duty of Care Risk Analysis (DoCRA) can create a common language with the Business and help secure appropriate budgets.


CAMP IT Conference

The Cybersecurity Department: Making Cybersecurity a Business Competency Through Key Risk Indicators February 20, 2020

SPEAKERS: Chris Cronin

CAMP IT Conference – Executives and Boards manage what they know, and stress about what they don’t know. And they stress over cybersecurity. Most organizations do not have cybersecurity specialists at their helm because their business has not relied on that capability until very recently. Cybersecurity has grown from the bottom-up in the hands of technicians, and from the top-down from regulators and engineers. But few organizations have articulated their cybersecurity objectives and risks in a manner that executives can engage with. This has resulted in alienating the people who approve our priorities, resources, and budgets. Chris Cronin will explain the root causes of the breakdowns between executive leadership and cybersecurity practitioners and will show how DoCRA-based analytics help executives make informed decisions about priorities, resources, and budgets.


CAMP IT Conference

Is There Such a Thing as Reasonable Privacy? February 20, 2020

SPEAKERS: Chris Cronin

CAMP IT Conference: U.S.-based organizations are finding that new and emerging privacy regulations are difficult to comply with. In many ways those regulations change our relationships with our customers and the public, and make us stewards of information that they own. Many new privacy requirements are straightforward to implement (such as requiring opt-in and opt-out policies, and processes to field consumer inquiries). But some requirements, such as the right to be forgotten, reasonably verifying the identity of consumer requestors, and using reasonable security safeguards, create a potentially expensive and harrowing grey area. During this session Chris Cronin will show a feature common among privacy regulations such as GDPR and CCPA that will help you clearly define what reasonable privacy controls are. By using Duty of Care Risk Analysis (DoCRA) your organization will be able to show that your controls are reasonable when you address your needs and the public’s needs as equally important.


CANCELLED due to pandemic – RIMS 2020 Annual Conference

2020 Annual Conference May 5, 2020

SPEAKERS: Chris Cronin

In post-data breach litigation, you must demonstrate due care and reasonable control. Learn how information security risk assessments can provide meaningful answers to technicians, businesses and authorities based on judicial balancing tests and regulatory definitions of reasonable risk.



2019

Infosecurity ISACA North America conference: Duty of Care Risk Assessment (DoCRA)

Questions a Judge Will Ask You After A Data Breach November 20, 2019

SPEAKERS: Tod Ferran

A discussion of the new Duty of Care Risk Assessment methodology (DoCRA) for infosecurity, also known as the Center for Internet Security Risk Assessment Method (CIS RAM). Discuss what sets this method apart and why it is an important business tool.

After this session you will be able to:
• Understand what sets the Duty of Care Risk Assessment apart from all others.
• Understand what regulators are looking for in a complete and thorough risk assessment and how the Duty of Care Risk Assessment fulfills those regulations and standards.
• Understand what basic questions are asked during litigation after a breach and how the Duty of Care Risk Assessment answers those questions.
• Understand how to complete a Duty of Care Risk Assessment along with where to get the free tools to successfully complete the assessment.

SPEAKER: Tod Ferran, CISSP, QSA, ISO 27001, Managing Consultant


(ISC)² Security Congress

The Questions a Judge Will Ask You After a Data Breach – What is “reasonable” security? October 30, 2019

SPEAKERS: Terry Kurzynski, DoCRA Council and Aaron DeMaster, Rexnord

If you are breached and your case goes to litigation, you will be asked to demonstrate “due care.” This is the language judges use to describe “reasonable.” Organizations must use safeguards to ensure that risk is reasonable to the organization and appropriate to other interested parties at the time of the breach. This presentation references case law, regulatory oversight and the Center for Internet Security Risk Assessment Method (CIS RAM), with a discussion on the future implications of this approach toward defining reasonableness. CIS RAM is based on the Duty of Care Risk Analysis standard (DoCRA.org) and is recognized by attorneys, regulators and interested parties for its ability to demonstrate reasonable implementation of controls.

Learning Objectives:
• Define risk assessment criteria so they allow for comparison, reflect the organization’s values and will hold up to public scrutiny.
• Model and select threats that are relevant to information assets and controls.
• Estimate the likelihood of risks.


Institute of Real Estate Management (IREM) Cybersecurity Webinar

Safekeeping Your Online Accounts – How to stop hackers from taking your money and information | October 22, 2019

Speaker: Glenn Stout

Security professionals get asked all of the time “What are the top things that I should be doing right now to keep my online accounts safe?” There are many “attack paths” that bad actors take to attempt to get to your money. Knowing what these attacks are – and what to do to protect your online accounts is the answer to the question asked above. This session will cover how the attacks are planned and carried out, and the keys to protect your accounts and data. Some topics include the concepts of phishing attacks, spear-phishing attacks, call fraud, scareware, extortion and the ways to protect against them, such as password approach, protecting email, devices and social media accounts.

After attending this session, participants will be able to:
• Understand the various attack paths that bad actors take to get to user accounts.
• Understand what users generally do wrong that helps the bad actors win.
• Be aware of the key things to do to protect online accounts.


CAMP IT Leadership Strategies

How to Secure the Budget You Truly Need by Translating Technology Costs to Business Value | October 17, 2019

Speaker: Jim Mirochnik | Strategies and techniques for leading and guiding IT through a business approach during dynamic times.


Health Management Academy

Risk Analysis 2.0, Health Care Data Security in the Age of Risk October 17, 2019

SPEAKERS: Terry Kurzynski and Jen Rathburn

Discussion of HIPAA’s risk analysis and risk mitigation plan requirements

  • How risk assessment frameworks are evolving, including the Duty of Care Risk Analysis (DoCRA)
  • How duty of care risk analysis builds consensus from the board room to the court room
  • How best to prepare and respond to regulatory investigations and plaintiffs’ lawsuits
  • How IT and Compliance can be enablers of the organization’s mission


CISO of the Year Award Breakfast

October 15, 2019

This award has been established to publicly recognize top senior information security leaders through nominations, judges and support from within the local community. The award will be presented on October 15th at a Breakfast Ceremony at the Metropolitan Club of Chicago.


CyberNext Summit 2019 – KuppingerCole Analysts

October 8-10, 2019

Speaker: Chris Cronin

Cybersecurity is shifting toward more distributed and dynamic models. Decentralized security infrastructure brings its challenges and opportunities. CyberNext Summit (#CNS19) will focus on the capabilities needed to achieve security in such a distributed environment, especially in the context of ever-increasing security threats.
The Questions a Judge Will Ask You After a Data Breach


The Sedona Conference Working Group 11 Midyear Meeting 2019

September 18, 2019

Panelist: Chris Cronin | A panel of Data Security and Privacy Liability – Working Group 11 (WG11) members led a dialogue with WG11 members at the 2019 midyear meeting – Proactive privacy and security governance: Complying with global data privacy and security regulations


CUNA Technology Council Conference

The Questions a Judge Will Ask You After a Data Breach – A Panel Discussion  September 13, 2019 

PANELISTS: Jacqueline Connor, Attorney, Federal Trade Commission, Washington, DC  |  Chris Cronin, Principal, HALOCK Security Labs, Schaumburg, IL  |  Bill Podborny, CISO, Alliant CU, Chicago, IL 

Federal regulators, including NCUA, increasingly urge organizations to use risk analysis to determine whether security controls are reasonable. However, regulators are restrained from describing how risk analysis should work. During this session we will show how organizations can use Duty of Care Risk Analysis (DoCRA) to demonstrate whether security controls and risks are reasonable, and to do so in a way that supports management objectives, regulatory requirements, and information security disciplines.


Cyber Security Summit Chicago

 August 27, 2019 

SPEAKER: Chris Cronin

The fourth annual Chicago Cyber Security Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts.

PRESENTATION: If you are breached and your case goes to litigation, you will likely be asked to demonstrate “due care” and that your controls were “reasonable.” Many are surprised to learn that a breach by itself often does not constitute negligence. Judges will ask a set of questions to determine whether your controls were reasonable. These questions bear a close resemblance to information security risk assessments; they both try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. This presentation will explain judicial balancing tests, how they relate to regulatory definitions of “reasonable” risk, and how to conduct risk assessments that prepare you to answer the tough questions before you need to be asked.


MIDWEST CYBER SECURITY ALLIANCE (MCSA) The California Consumer Privacy Act (CCPA)

Applicability, Requirements, and Practical Tips on Compliance September 12, 2019

SPEAKER: Terry Kurzynski

The California Consumer Privacy Act (CCPA) will be effective January 1, 2020, and enforced beginning six months later. Despite the quickly approaching effective date, there are still a number of pending legislative bills seeking to amend CCPA. This has created immense uncertainty for companies trying to bring their business into compliance with CCPA. We address the following types of questions to ensure attendees leave the presentation understanding whether CCPA applies to their business and, if so, the steps they should take to comply:

• Does CCPA apply to my business?
• How does CCPA affect our collection, use, and disclosure of personal information?
• What rights do individuals have under CCPA with regard to their personal information?
• What are the “reasonable security procedures and practices appropriate to the nature of the information” required by CCPA to protect personal information?
• What is the status of the various proposed amendments to CCPA?
• What are the potential penalties and risks of noncompliance, including private rights of action and the likelihood of class action lawsuits?


4th & Final 2019 Chicago CISO of the Year Social Mixer

Aug. 20, 2019


2019 EXPO.Health Conference

The Questions a Regulator Will Ask You After a Data Breach, Aug. 2, 2019

SPEAKER: Chris Cronin

The 2019 EXPO.health conference is focused on 5 main topic areas which are of interest to health IT professionals at hospitals, health systems, and ambulatory organizations – Security and Privacy, Analytics, Communication and Patient Engagement, IT Dev Ops, Operational Alignment and Support. HALOCK partner and the DoCRA Council Chair, Chris Cronin, will be speaking at the event.

The Questions a Regulator Will Ask You After a Data Breach

If you are breached and are visited by regulators, they will ask you to demonstrate that your safeguards were reasonable. Their questions resemble information security risk assessments. Regulators try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. In this session we will show you how to conduct your risk assessments so you are ready to answer these tough questions.


3rd 2019 Chicago CISO of the Year Social Mixer

July 23, 2019



ITAC: W3 The Cycle of Cybersecurity: Integrating Cyberdefense Into Your Risk Decision-Making Process

July 18, 2019

SPEAKER: Chris Cronin

ITAC is the premier event for IT audit executives and those tasked with ensuring that businesses are governing data in a secure and responsible way, while addressing risks related to information technology. ITAC is produced by MIS Training Institute (MISTI), the international leader in audit, IT audit and information security training, with offices in Boston and London. MISTI’s expertise draws on experience gained in training more than 200,000 delegates across five continents.



2nd CISO of the Year Mixer

June 18, 2019


IREM WEBINAR – Cyber Security: How to Secure Your Devices and Data

July 16, 2019

SPEAKER: Glenn Stout, Ph.D., CISSP, CISM, GSEC, PMP


American Health Lawyers Association (AHLA) Webinar: Duty of Care Risk Analysis (DoCRA)

“Adopting Duty of Care Risk Analysis to Drive GRC” June 5, 2019

SPEAKERS: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR, Senior Partner; Board Member on The DoCRA Council and Jennifer L. Rathburn, Partner at Foley & Lardner LLP


Techno Security & Digital Forensics Conference

The Questions a Judge Will Ask You After a Data Breach. June 3, 2019

SPEAKER: Tod Ferran, CISSP, QSA, ISO 27001


Cleveland-Marshall’s Cybersecurity and Privacy Protection Conference 2019.

May 30, 2019

PANELIST: Chris Cronin, ISO 27001 Auditor


CAMP IT: Enterprise Risk / Security Management.

Know Where Your Next Attack is Coming From. Attack prediction and resource prioritization using community-sourced data May 30, 2019

SPEAKERS: Todd Becker, PCI QSA, ISO 27001; Steve Lawn, CIPP


1st CISO of the Year Mixer

May 21, 2019


Institute of Real Estate Management (IREM) Cybersecurity Webinar: Phishing, Smishing and Whaling – Oh My!

May 7, 2019

SPEAKER: Glenn Stout, Ph.D., CISSP, CISM, GSEC, PMP


CAMP IT – Data Breaches: Defending Against and Responding To.
Third Party Assessment Prioritization: “Vendor Tiering and Due Diligence Levels” May 2, 2019

SPEAKER: Ken Squires, CISSP, HCISPP, CISA, CRISC, ISO 27001 AUDITOR


Compliance Week Webinar:

The Questions a Judge Will Ask You After a Data Breach Webcast. March 21, 2019

SPEAKER: Chris Cronin, ISO 27001 Auditor


RSA: Author! Author! Happy Hour.

March 6, 2019 Experts Todd Fitzgerald, author of CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, and Chris Cronin, principal author of CIS RAM, the CIS® (Center for Internet Security) Risk Assessment Method.

2018

CIS® (Center for Internet Security) – CIS RAM Workshop Dec. 10, 2018 SPEAKER: Chris Cronin, ISO 27001 Auditor

Midwest Cyber Security Alliance – How to Develop and Maintain an Effective Security Awareness Training Program  Dec. 5, 2018 SPEAKER: Glenn Stout, Ph.D., CISSP, CISM, GSEC, PMP

NIST Cybersecurity Risk Management Conference – Evaluating “Reasonable” Cyber Risk Using the Center for Internet Security Risk Assessment Method Nov. 9, 2019

SPEAKER: Chris Cronin, ISO 27001 Auditor

The Center for Internet Security Risk Assessment Method (CIS RAM) provides detailed and practical guidance that builds on NIST 800-30, and is consistent with regulatory and legal expectations for establishing “reasonable” and “appropriate” risk. The proposed panel discussion will feature the authors of CIS RAM who will present the method, its basis in security frameworks and law, and case studies that illustrate its use in legal and non-legal contexts.

Louisiana Hospital Association Webinar – Acceptable Security Risk and Negligence: It’s a Fine Line Nov. 7, 2018 SPEAKER: Tod Ferran, CISSP, QSA, ISO 27001

UW E-Business Consortium: Information Technology Peer Group Meeting – DoCRA Oct. 18, 2018 SPEAKER: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

CAMP IT: Enterprise Risk / Security Management –
The Industry Risk Assessment Dilemma and the Solution Oct. 3, 2018 SPEAKER: Jim Mirochnik, MBA, PMP, QSA, ISO 27001

Midwest Cyber Security Alliance – Duty of Care Risk Analysis (DoCRA) and CIS RAM Sept. 19, 2018 SPEAKER: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 AUDITOR

Forrester Privacy & Security 2018 Sept. 25, 2018

SecureXII – 12th Annual ISSA and ISACA Chicago Chapters Security Conference June 12, 2018

CISO Executive Summit June 6, 2018

Cyber Security Summit: Chicago – CIS RAM: This Math Will Save You Aug. 29, 2018 SPEAKER: Chris Cronin, ISO 27001 Auditor

CIS RAM (Risk Assessment Method) Launch Event April 30, 2018 SPEAKER: Chris Cronin, ISO 27001 Auditor