Defining Reasonable Security for Regulatory Requirements such as The SHIELD Act, CCPA, California’s Internet of Things (IoT) and more


The DoCRA (Duty of Care Risk Analysis) Council, a not-for-profit (501(C)(3)) organization that authors, maintains, and distributes standards and methods for analyzing and managing risk, will be presenting at the (ISC)² Security Congress taking place on October 28th – 30th in Orlando, FL, at the Walt Disney World Swan and Dolphin Resort.


Terry Kurzynski, Board Member of The DoCRA Council and partner of HALOCK Security Labs, will be presenting “The Questions a Judge Will Ask You After a Data Breach” with co-presenter Aaron DeMaster of Rexnord Corporation on Wednesday, October 30th at 1:45 p.m. ET in Northern E2. The session addresses the evolving challenge information security professionals face in defining reasonable security for changing regulations.

The presentation offers a practical approach to establishing reasonable safeguards based on an organization’s mission, objectives, and obligations. When a breach leads to litigation, a judge will ask the breached organization whether it practiced “due care” or “reasonable” security. Referencing case law, regulatory oversight, CIS RAM and the Duty of Care Risk Analysis, this session prepares professionals to:

  • Define risk assessment criteria so they allow for comparison, reflect the organization’s values and will hold up to public scrutiny.
  • Model and select threats that are relevant to information assets and controls.
  • Estimate the likelihood of risks.

The (ISC)² Security Congress brings together a global community of cyber security professionals. The event offers 175+ educational and thought-leadership sessions, and fosters collaboration with other forward-thinking companies.

Review your security strategy to address your changing working environment and risk profile. HALOCK is a trusted cyber security consulting firm and penetration testing company headquartered in Schaumburg, IL, in the Chicago area, that advises clients throughout the United States on managing risk with reasonable information security.