CIS RAM FAQ
Frequently Asked Questions on CIS RAM and DoCRA
CIS RAM is an information security risk assessment method that helps organizations design and evaluate their implementation of the CIS Controls. CIS RAM provides instructions, examples, templates, and exercises for conducting risk assessments. And because CIS RAM is based on the DoCRA Standard, its risk assessments meet the requirements of established information security risk assessment standards and demonstrate whether safeguards are “reasonable” and “appropriate” as regulators and judges often require.
WHAT IS THE DoCRA STANDARD?
DoCRA (or “Duty of Care Risk Analysis”) is a method for analyzing risk as regulators and judges expect it to be done. Regulations and judicial “balancing tests” expect organizations to consider the likelihood and degree of harm they may cause themselves and others, and to use safeguards that reduce those risks – as long as those safeguards are not overly burdensome.
DoCRA can be used to analyze cybersecurity risks using a variety of control standards or regulatory requirements. HALOCK uses DoCRA methods to analyze risks against ISO 27001/27002, NIST Special Publication 800-53, the HIPAA Security Rule, GDPR, 23 NYCRR Part 500, 201 CMR 17.00, the NIST Cybersecurity Framework, and even maturity-model-based control frameworks such as FFIEC CAT.
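The balancing test described above, as an added illustration (not CIS RAM's or DoCRA's own worksheet or formulas): the 1–5 scales, the acceptable-risk threshold and the risk names are constructed assumptions, and the three checks encode the idea that a safeguard is reasonable only if it brings risk to an acceptable level without being more burdensome than the risk it reduces.

```python
from dataclasses import dataclass

ACCEPTABLE_RISK = 9  # assumed threshold, e.g. impact 3 x likelihood 3 on 1-5 scales


@dataclass
class Risk:
    name: str
    likelihood: int        # 1 (remote) .. 5 (near certain)
    impact_to_self: int    # harm to the organization's mission and objectives
    impact_to_others: int  # harm to customers, partners, the public

    def worst_impact(self) -> int:
        # Duty of care: score against the worst harm, to self or to others.
        return max(self.impact_to_self, self.impact_to_others)

    def score(self) -> int:
        return self.likelihood * self.worst_impact()


@dataclass
class Safeguard:
    name: str
    residual_likelihood: int  # expected likelihood once the safeguard is in place
    burden_likelihood: int    # how likely the safeguard's cost/disruption is felt
    burden_impact: int        # how badly that burden hurts mission and objectives

    def burden_score(self) -> int:
        return self.burden_likelihood * self.burden_impact


def evaluate(risk: Risk, sg: Safeguard, acceptable: int = ACCEPTABLE_RISK) -> dict:
    """Return residual risk, safeguard burden and a reasonableness verdict."""
    residual = sg.residual_likelihood * risk.worst_impact()
    burden = sg.burden_score()
    if residual > acceptable:
        reason = f"residual risk {residual} still exceeds acceptable {acceptable}"
    elif burden > acceptable:
        reason = f"safeguard burden {burden} exceeds acceptable {acceptable}"
    elif burden >= risk.score():
        reason = "safeguard is more burdensome than the risk it reduces"
    else:
        reason = "reduces risk to acceptable without undue burden"
    return {"residual": residual, "burden": burden,
            "reasonable": reason.startswith("reduces"), "reason": reason}


# Constructed sample risk register entry and two candidate safeguards.
UNPATCHED_SERVER = Risk("unpatched internet-facing server", 4, 4, 3)
MONTHLY_PATCHING = Safeguard("monthly patch cycle", 2, 3, 2)
AIR_GAP = Safeguard("disconnect server from the network", 1, 5, 4)
```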
HALOCK is headquartered in Schaumburg, IL, in the Chicago area and advises clients on reasonable information security strategies, risk assessments, penetration testing, security management and architecture reviews, and HIPAA & PCI compliance throughout the US. HALOCK partners with you to establish reasonable security controls based on your organization’s mission, objectives, and obligations.