Archive
(ISC)2 Security Congress | The Questions a Judge Will Ask You When You are Sued for a Data Breach | Getting to Reasonable Security
What is reasonable security? If you are breached and your case goes to litigation, you will be asked to demonstrate “due care.” This is the language judges use to describe “reasonable.” Organizations must use safeguards to ensure that risk is reasonable to the organization and appropriate to other interested parties at the time of the breach. This presentation references case law, regulatory oversight and the Center for Internet Security Risk Assessment Method (CIS RAM), with a discussion on the future implications of this approach toward defining reasonableness. CIS RAM is based on the Duty of Care Risk Analysis standard (DoCRA.org) and is recognized by attorneys, regulators and interested parties for its ability to demonstrate reasonable implementation of controls.
California Consumer Privacy Act CCPA Applicability, Requirements, and Practical Tips on Compliance
Midwest Cyber Security Alliance (MCSA) reviews the California Consumer Privacy Act CCPA to understand the potential penalties and risks of noncompliance.
How is PCI Enforced?
Unlike most regulations you may be familiar with, the PCI DSS is not a law: it is an industry standard enforced by contract, through the agreements between the card brands, acquiring banks and merchants. Here is a quick look at that process; learn more about how you can be PCI compliant and manage risk.
Health Care Compliance Association (HCCA) Webinar: Duty of Care Risk Analysis
Duty of Care Risk Analysis (DoCRA)
- How to define “reasonable” security controls that make sense to business, judges, and regulators.
- Design and run a risk assessment that is meaningful to technicians, business, and authorities.
- Learn from case studies involving regulatory oversight, lawsuits that happened, and lawsuits that never happened.
CCPA Quick Reference Card for Reasonable Security
Your quick look at the California Consumer Privacy Act (CCPA) for reasonable security.
Adopting Duty of Care Risk Analysis to Drive Governance, Risk, and Compliance (GRC)
Business decision-makers juggle countless variables and make risk decisions using “due care” and “reasonableness.” Learn best practices on how to apply duty of care to your specific organization.
HALOCK Information Technology Risk Assessment
The origins of the Hand Rule (Judge Learned Hand's negligence test from United States v. Carroll Towing Co.) and of due care, and how they apply to information technology risk assessment.
The Guide to PCI DSS 3.1
PCI DSS 3.1 further clarifies the changes made in PCI DSS 3.0 by addressing 30 clarifications to existing requirements, four guidance points that serve to improve understanding of the requirements