An update on ‘reasonable security’ and how it impacts your risk and security posture.
FTC warns companies to remediate Log4j security vulnerability
“The FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.”
Does Your Cyber Insurance Policy Look More Like Health Insurance?
“an increasing number of states require businesses to implement ‘reasonable safeguards’ to protect personal information.”
The Year of Reasonable Security
“What is considered ‘reasonable’ when it comes to cybersecurity? That has become a burning question for not just the IT and cybersecurity communities but also for company board rooms, regulators, judges, and litigators.”
“government resources are setting the baseline on reasonable security for Log4j response and, in essence, providing a potential roadmap for legal compliance.”
IoT Security Standards and Regulations: Where Are We Now?
“in California, a law requires manufacturers to implement ‘reasonable security features’ such as having unique passwords per device if they want to sell to consumers in that market.”
Data Privacy, Security Considerations in Multi-Residence Buildings
“Biometric information also qualifies as personally identifiable information under the data breach notification and reasonable safeguard laws in many states.”
Reasonable Security Resources
In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs, try to define “reasonable data security” – a term that continually appears in every state’s privacy law or proposed legislation.
PODCAST: On Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy. Their discussion focuses on “reasonableness” as it relates to cybersecurity risk management.
RIMS: RiskWorld Recording: Reasonable Security & The Questions a Judge Will Ask You After a Data Breach. In post-data breach litigation, you must demonstrate due care and reasonable control. Learn what basic questions the court will ask and how the duty of care risk assessment (DoCRA)—based on judicial balancing tests and regulatory definitions of reasonable risk—helps you answer them.