Calendar

Upcoming events and important dates regarding Duty of Care Risk Analysis (DoCRA)


RSA Conference 2020

Feb 28, 2020 – San Francisco, 8:30am

Moscone Center

SPEAKER: Jim Mirochnik

Securing the Budget You Need! Translating Security Risks to Business Value.

InfoSec speaks the language of risks and costs, while Business speaks the language of rewards and revenue. The lack of a common language leads to InfoSec struggling to secure the budgets they truly need. This session demonstrates, using case studies, how the invention of Duty of Care Risk Analysis (DoCRA) can create a common language with the Business and help secure appropriate budgets.


RIMS 2020 Annual Conference

May 5, 2020 – DC, 3:50pm

Thought Leader Theater

SPEAKER: Chris Cronin

The Questions a Judge Will Ask You After a Data Breach

In post-data breach litigation, you must demonstrate due care and reasonable control. Learn how information security risk assessments can provide meaningful answers to technicians, businesses and authorities based on judicial balancing tests and regulatory definitions of reasonable risk.


PAST EVENTS


CyberNext Summit 2019 – KuppingerCole Analysts

OCT 9, 2019 – DC, 9:30am

SPEAKER: Chris Cronin

The Questions a Judge Will Ask You After a Data Breach

This presentation will explain judicial balancing tests, how they relate to regulatory definitions of “reasonable” risk, and how to conduct risk assessments that prepare you to answer the tough questions before you are asked them.

Attendees will learn:

  • How to define “reasonable” in a way that makes sense to business, judges, and regulators.
  • How to design and run a risk assessment that is meaningful to technicians, business, and authorities.
  • Case studies involving regulatory oversight, lawsuits that happened, and lawsuits that never happened.

(ISC)² Security Congress: The Questions a Judge Will Ask You After a Data Breach – What is Reasonable

OCT 30, 2019 – Orlando, 1:45-2:45pm

SPEAKER: Terry Kurzynski

What is “reasonable” security? If you are breached and your case goes to litigation, you will be asked to demonstrate “due care.” This is the language judges use to describe “reasonable.” Organizations must use safeguards to ensure that risk is reasonable to the organization and appropriate to other interested parties at the time of the breach. This presentation references case law, regulatory oversight and the Center for Internet Security Risk Assessment Method (CIS RAM), with a discussion on the future implications of this approach toward defining reasonableness. CIS RAM is based on the Duty of Care Risk Analysis standard (DoCRA.org) and is recognized by attorneys, regulators and interested parties for its ability to demonstrate reasonable implementation of controls.

Learning Objectives:

  • Define risk assessment criteria so they allow for comparison, reflect the organization’s values and will hold up to public scrutiny.
  • Model and select threats that are relevant to information assets and controls.
  • Estimate the likelihood of risks.

The Sedona Conference Working Group 11 Midyear Meeting 2019

SEP 18, 2019 – Canada

Panelist & Group Member: Chris Cronin

Proactive privacy and security governance: Complying with global data privacy and security regulations


Healthcare Compliance Association (HCCA) – The Questions a Judge Will Ask You After a Data Breach

June 25, 2019 – Webinar

SPEAKER: Tod Ferran


American Health Lawyers Association (AHLA) Webinar: “Adopting Duty of Care Risk Analysis to Drive GRC”

June 5, 2019 – Webinar

SPEAKERS: Terry Kurzynski & Jennifer Rathburn of Foley & Lardner


Cleveland-Marshall’s Cybersecurity and Privacy Protection Conference 2019

MAY 30, 2019 – Cleveland

PANELIST: Chris Cronin


NIST Cybersecurity Risk Management Conference – Evaluating “Reasonable” Cyber Risk Using the Center for Internet Security Risk Assessment Method

NOV 9, 2018

PANELIST: Chris Cronin


UW E-Business Consortium: Information Technology Peer Group Meeting – DoCRA

OCT 18, 2018

SPEAKERS: Terry Kurzynski with Foley & Lardner


CISO GROUP MEETING – DoCRA

OCT 23, 2018 – Chicago, 3:00-5:00pm

Reserve your seat at info@docra.org.


DoCRA USER GROUP MEETING & WEBINAR Q1 2019

FEB 13, 2019 – Chicago & Webinar

Reserve your seat at info@docra.org.


WEBINARS

OCT 17, 2018

UW E-Business Consortium, University of Wisconsin-Madison – Cyber-Defense Strategies and Solutions: Preparing for a Cyber-breach: From Forensics to Litigation

NOV 7, 2018

LOUISIANA HOSPITAL ORGANIZATION – Acceptable Security Risk and Negligence: It’s a Fine Line

Duty of Care Risk Assessment (DoCRA): Preparing and Evaluating Risk Assessments for Reasonable Person Defenses

This presentation will cover an emerging approach for defining reasonableness in cybersecurity that uses “due care” as its basis. Referencing case law, regulatory oversight, and the recently released CIS RAM (Center for Internet Security Risk Assessment Method), the speaker will explore the future implications of this emerging approach toward defining reasonableness.

NOV 7, 2018

NIST Cybersecurity Risk Management Conference 2018

Evaluating ‘Reasonable’ Cyber Risk Using the Center for Internet Security Risk Assessment Method

The Center for Internet Security published a new risk assessment method in April 2018 that enables organizations to conduct risk assessments so they are meaningful to both internal and external audiences: regulators, litigators, cyber security specialists, and non-technical managers. The Center for Internet Security Risk Assessment Method (CIS RAM) provides detailed and practical guidance that builds on NIST 800-30, and is consistent with regulatory and legal expectations for establishing “reasonable” and “appropriate” risk. The proposed panel discussion will feature the authors of CIS RAM, who will present the method, its basis in security frameworks and law, and case studies that illustrate its use in legal and non-legal contexts.