Duty of Care Risk Analysis: Leveraging the New Risk Assessment Method to Reduce Liability
Duty of Care Risk Analysis (DoCRA) is a new standard that describes processes for evaluating information security risks and their safeguards so that the resulting analysis
Join us at the Cyber Security Summit in Chicago. HALOCK Security Labs is a proud sponsor and speaker of the event.
By Chris Cronin, ISO 27001 Auditor, Partner
Cybersecurity is no longer a concern for just internal IT. All levels of the organization today should have a keen awareness and involvement when it comes to cybersecurity. That level of engagement should start at the top within the corporate boardroom
There I was, ankle deep in raw sewage, incredulous that for the second time this summer, my basement was filling up with foul-smelling murky waste. As I looked hopelessly at my wife while the water level continued to rise, I angrily thought to myself, “What else can I do?” Didn’t I shell out some […]
Author: Terry Kurzynski, ISO 27001 Auditor, CISSP, CISA, PCI QSA
The Target® Breach in November 2013 lives infamously in our memories and has served as a pivot point for all businesses with regard to third-party vendor management. After all, who could have imagined that the giant retailer would have been breached through a seemingly insignificant […]
Information security laws and regulations are telling us to conduct risk assessments before we develop our security and compliance programs. They insist on this so our security goals are meaningful to each of us, rather than aspiring to a generic list of controls that were written by experts who never met us and don’t understand […]
Managers often think about compliance in terms of policies. There is something concrete, achievable and finite about them. And they are required by laws and regulations for protecting information and systems. But too often managers think of policies as a finish line for compliance. Need to be compliant? Then write a bunch of new policies […]
Most of my information security focus these past few years has concentrated on management and governance, but this was not always the case. I came into this profession as a technologist and manager who focused on team building, turn-arounds and doing a lot with few resources. But as my career moved from technology operations to security […]