WEBINAR: Duty of Care Risk Assessment (DoCRA)

Duty of Care Risk Assessment (DoCRA): Preparing and Evaluating Risk Assessments for Reasonable Person Defenses

OVERVIEW
This presentation will cover an emerging approach to defining reasonableness in cybersecurity that uses “due care” as its basis. Referencing case law, regulatory oversight, and the recently released CIS RAM (Center for Internet Security Risk Assessment Method), the speaker will explore the future implications of this emerging approach to defining reasonableness.

The “reasonable person” standard is used in cybersecurity regulations and breach litigation, and it carries the same ambiguity and challenges there that it presents in other fields of practice. However, an emerging method for evaluating “reasonableness” in cybersecurity is evident in recent court decisions and regulatory actions. In 2015 and 2016, Minnesota courts found that Target faced negligence liabilities after a breach even though it held a compliant PCI DSS ROC. In 2016, LifeLock was fined $100 million, with a compliant PCI DSS ROC in hand and without having suffered a breach, because it failed to demonstrate “reasonable” security through risk analysis. But in 2017, a Pennsylvania appellate court ruled that the University of Pittsburgh Medical Center was not negligent after a breach of employee data that caused demonstrable harm. While these outcomes may seem inconsistent, they follow a consistent line of reasoning used by courts and regulators alike: the HIPAA regulations require, and courts and regulators recognize, risk assessment as the analysis that determines whether security controls were reasonable and whether due care was applied.

PROGRAM OBJECTIVES
• Entities will be able to demonstrate how they can balance the protection of their interests with public interest in accordance with regulatory standards of practice;
• Entities can establish definitions for “due care” to evaluate whether safeguards are reasonable and appropriate, either before or after a breach occurs; and
• Entities can show how they evaluated the risk-appropriateness of their safeguards after a breach occurs.

WHO SHOULD ATTEND?
Hospital COOs, HIM staff, risk managers, legal counsel and compliance officers.

MEET YOUR FACULTY 

Tod Ferran is a Managing Consultant for HALOCK Security Labs. With nearly 30 years of IT security experience, he provides security consulting services, risk analysis, risk mitigation strategies and HIPAA/PCI compliance assessments for organizations throughout the United States and across the globe. Prior to joining HALOCK, Ferran was a Security Analyst for SecurityMetrics. He has also served as president of several successful managed-service providers and directed software/security development teams in the U.S., India and the Netherlands.
 
When
11/7/2018 - 11/7/2018
Where
Webinar
United States

Program

Wednesday, 07 November 2018

Time
9:00 AM - 10:15 AM
11/7/2018 9:00 AM