Risk is always a part of your cyber strategy. It evolves based on your environment. It could be calm one moment, then a disastrous storm the next. The key to managing risk is to continually take care of your critical business areas and all interested parties.
But how do you manage the needs of many with different priorities?
By establishing reasonable security through the Duty of Care Risk Analysis (DoCRA). Duty of care requires that organizations demonstrate they used controls to ensure that risk was reasonable to the organization and appropriate to other interested parties at the time of the breach. This approach enables users to:
- Prioritize security investments
- Consider the needs of all interested parties
- Demonstrate that the risk is ‘Acceptable’ or ‘Reasonable’
- Protect the organization without overly burdening it
- Continuously manage to ‘enough’ security
- Manage your cyber insurance coverage appropriately
We also incorporate the Sedona Conference’s “Test for Reasonable Security Controls” establish that safeguards must not pose a higher risk to the organization than the lack of safeguards poses to others. By balancing an organization’s mission, objectives, and obligations, your risk strategy will have the appropriate balance of compliance, security, and corporate responsibility. You will be practicing ‘reasonable security’.
Learn how HALOCK’s Risk Management Program can help you reach and maintain acceptable risk and reasonable security.
HALOCK Breach Bulletins
Read HALOCK overviews and analyses about recent data breaches to understand what are common threats and attacks that may impact your organization – featuring description, indicators of compromise (IoC), containment, and prevention.
In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs try and define “reasonable data security” – a term that continually appears in every states’ privacy law or proposed legislation.