The CIS RAM Helps You Apply the Right Amount of Security
I am an Attorney
Whether you are internal counsel or advising clients, you should evaluate the organization’s risk assessment criteria to determine whether they meet the duty of care.
If you or one of your clients is breached and your case goes to litigation, you will be asked to demonstrate duty of care. The legal concept of duty of care requires that organizations demonstrate they used controls to ensure that risk was reasonable to the organization and appropriate to other interested parties at the time of the breach.
The day you are sued for a data breach, you will be asked eight questions that you will want to prepare your organization or client for.
Data breaches are litigated in terms of negligence. Judges and interested parties are trying to determine if your organization/client was doing something reasonable to prevent harm to others.
DoCRA (Duty of Care Risk Analysis) is a standard by which organizations may align their risk assessments to demonstrate reasonable security and appropriate controls. The standard includes a method for organizations to clearly calculate and prioritize risk as well as define acceptable risk.
If you are looking for assistance in bringing your risk method in line with DoCRA (DoCRA.org), we can help. Contact us at cisram@halock.com.