Distance Learning

Thought Leader Perspectives Webinar - Adopting Duty of Care Risk Analysis to Drive GRC

Time: 12:00-1:00 PM Eastern (60 minutes)
Format: Live Webinar

How much security is enough? Business decision-makers juggle countless variables and make risk decisions using “due care” and “reasonableness.”  The presentation reviews CIS® (Center for Internet Security) Risk Assessment Method (RAM), plus a worked example in detail. The discussion is based on the Duty of Care Risk Analysis Standard (DoCRA) which helps organizations find the appropriate balance of compliance, safeguards, and business objectives for building their security strategy.

Objectives for attendees:

  • Demonstrate how to balance the protection of their org’s interests with public interest in accordance with regulatory standards.
  • Establish definitions for “due care” to evaluate whether safeguards are reasonable and appropriate, either before or after a breach occurs.
  • Show how entities evaluated the risk-appropriateness of their safeguards after a breach occurs.
  • Learn a practical method of how to define “appropriate” or “reasonable” risk.

Note: No CLE offered for this course.

Presentation and complimentary registration brought to you by the Duty of Care Risk Analysis Standard (DoCRA) Council and by
Visit Halock Security Labs

Terry Kurzynski

Board Member

The DoCRA Council
Senior Partner
HALOCK Security Labs
Schaumburg, IL

Jennifer L. Rathburn

Founding Member

Midwest Cyber Security Alliance
Foley & Lardner LLP
Milwaukee, WI


The DoCRA Council
is a not-for-profit (501(C)(3)) organization that authors, maintains, and distributes standards and methods for analyzing and managing risk. The DoCRA Council is comprised of member organizations that require standards of practice in risk analysis and risk management, and who therefore have an interest in the methods used for analyzing risks and safeguards that reduce risk.

The DoCRA Council operates under a charter that describes its methods of authorship, review, and stewardship of risk analysis standards and methods.

Contact the DoCRA Council


When clients face cybersecurity challenges they need the right combination of experts to advise them. Cybersecurity risks are not exclusively a legal, business, or technical challenge. Risks can be created on corporate boards, in the C-Suite, within technical systems, or in the hands of end-users. Moreover, impacts can occur during a breach, or after a regulator reviews a case. And because cybersecurity risk and compliance is multi-disciplinary, advisors must capably address many specialized subjects at once to serve their clients well.

What is Reasonable?

HALOCK Security Labs partners with law firms to support clients for regulatory, strategic, and litigation matters using due care and reasonable person principles. HALOCK has pioneered an approach to risk analysis that aligns with regulatory standards for “reasonable” and “appropriate” safeguards and risk, and judicial “multifactor balancing tests” in data breach law suits. HALOCK has produced two emerging standards for cybersecurity risk management to promote our approach; the DoCRA Standard (Duty of Care Risk Analysis) maintained by the DoCRA Council, and CIS RAM (Risk Assessment Method) distributed by the prestigious Center for Internet Security.

By partnering with HALOCK, law firms expertly advise and represent their clients on legal, regulatory, and strategic matters while effortlessly demonstrating how clients’ complex technical decisions are defensibly reasonable.

Contact HALOCK for a Duty of Care Checklist and to help you determine the best course of action for you.

  • Registration Closed