Speaker: Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 Auditor

Session Description: 

What is your Duty of Care? How do you define “reasonable” security safeguards? When do you know that you have done enough? Organizations need a method to establish acceptable risk for the business, regulators, and all interested parties – a method that considers harm outside the company, defines acceptable risk, and weighs the burden of proposed safeguards. Duty of Care Risk Analysis, leveraged by the Center for Internet Security’s Risk Assessment Methods (CIS-RAM), translates these requirements into business terms in order to develop reasonable security controls.

Session Level: Intermediate Level