In this episode of Cyber Security America, Chris Cronin, a partner at HALOCK Security Labs and founding partner at Reasonable Risk, discusses the concept of "reasonableness" in cybersecurity, particularly in the context of risk management and legal compliance. Chris explains how his background in American history and law informs his approach to bridging the gap between technologists and lawyers, emphasizing the importance of cost-benefit analysis in regulations. He introduces the DoCRA (Duty of Care Risk Analysis) standard, which focuses on balancing the impact of risks on both the organization and potentially affected third parties. The conversation covers the challenges of defining "reasonable" in different contexts, the role of standards of care like antivirus software, and the potential for DoCRA to reduce insurance costs and litigation. Chris also touches on the importance of transparency and documentation in incident response, and the need for informed decision-making by executives regarding cybersecurity investments. He provides resources like the CIS RAM (Risk Assessment Method) and tools from HALOCK and Reasonable Risk to help organizations implement these principles.