The Center for Internet Security, Inc. (CIS®) Cybersecurity Where You Are Podcast: Conceptualizing Reasonableness for Risk Analysis

In episode 29 of Cybersecurity Where You Are, co-hosts Tony Sager and Sean Atkinson are joined by Chris Cronin, ISO 27001 Auditor and Partner at HALOCK, a leading information security consultancy and Board Chair of The DoCRA Council. Their discussion focuses on “reasonableness” as it relates to cybersecurity risk management. This topic isn’t just about proving to regulators, litigators, and others that security controls were in place prior to an incident. It also considers how to implement safeguards without overburdening users and executives.

Listen to the Podcast

Reasonable Security Risk



Presented at RIMS RiskWorld 2022

In post-data breach litigation, you must demonstrate due care and reasonable control. Learn what basic questions the court will ask and how the duty of care risk assessment (DoCRA)—based on judicial balancing tests and regulatory definitions of reasonable risk—helps you answer them. Distinguish the risk assessment criteria that allow for comparison, reflect your organization’s values and hold up to public scrutiny. See how you can employ DoCRA to fulfill regulators’ requirements for a complete and thorough risk assessment following a data breach. Learn how to define ‘reasonable security’.

PRESENTER: Chris Cronin, ISO 27001 Auditor | Board Chair – The DoCRA Council | Partner – HALOCK Security Labs

DoCRA Reasonable Security



CIS RAM: This Math will Save You  VIDEO
CIS® (Center for Internet Security, Inc.) just released its first risk assessment method, CIS Risk Assessment Method (RAM). CIS RAM uses a simple equation developed by the courts as the basis for reasonableness in your risk assessment. This method, based on DoCRA, helps you define your acceptable level of risk in a way that creates consensus among executives, attorneys, and regulators.

HISTORY OF DUTY OF CARE VIDEO (Click icon, then play button to begin)


IMPACT DEFINITIONS VIDEOS (Click icon, then play button to begin)

DoCRA Duty of Care Risk Analysis Bank Financial
Financial Services Industry
DoCRA Manufacturer
Manufacturing Industry
Telecom Duty of Care Risk Analysis DoCRA Telecom
Telecommunications Industry

google-site-verification: google63ef709d838c2f7a.html