Defining "Reasonable" Security at (ISC)2 Security Congress

Approaching Reasonable Security for Regulatory Requirements such as The SHIELD Act, CCPA, California's Internet of Things (IoT) and more

News provided by

The DoCRA Council

Sep 26, 2019, 06:43 ET

SCHAUMBURG, Ill., Sept. 26, 2019 /PRNewswire/ -- The DoCRA (Duty of Care Risk Analysis) Council, a not-for-profit (501(C)(3)) organization that authors, maintains, and distributes standards and methods for analyzing and managing risk, will be presenting at the (ISC)² Security Congress taking place on October 28th – 30th in Orlando, FL, at the Walt Disney World Swan and Dolphin Resort.

Terry Kurzynski, Board Member of The DoCRA Council and partner of HALOCK Security Labs will be presenting "The Questions a Judge Will Ask You After a Data Breach" with co-presenter, Aaron DeMaster of Rexnord Corporation on Wednesday, October 30th at 1:45 p.m. ET in Northern E2. The session addresses the evolving challenge of information security professionals in defining 'reasonable' security for changing regulations.

The presentation offers a practical approach to establish reasonable safeguards based on an organization's mission, objectives, and obligations. For those that have been breached with a case going to litigation, a judge will ask them if they practiced "due care" or "reasonable" security. Referencing case law, regulatory oversight, CIS RAM and the Duty of Care Risk Analysis, this session prepares professionals to

  • Define risk assessment criteria so they allow for comparison, reflect the organization's values and will hold up to public scrutiny.
  • Model and select threats that are relevant to information assets and controls.
  • Estimate the likelihood of risks.

The (ISC)² Security Congress brings together a global community of cyber security professionals The event offers 175+ educational and thought-leadership sessions, and fosters collaboration with other forward-thinking companies.

ABOUT THE DoCRA COUNCIL

The DoCRA Council is comprised of member organizations that require standards of practice in risk analysis and risk management, and who therefore have an interest in the methods used for analyzing risks and safeguards that reduce risk. The organization operates under a charter that describes its methods of authorship, review, and stewardship of risk analysis standards and methods.

SOURCE The DoCRA Council