The Hand Rule: Managing the Upper Limits of Security CostsWhile presenting a talk at CAMP IT last week I got (more…)Cindy Kaplan2025-06-17T19:52:50+00:00Tags: burden, hand rule, HIPAA, likelihood, negligence, NIST 800-30, Reasonable, reasonable and appropriate, Risk Assessment, Risk Treatment, security control|