They Know You Can’t Get to 100% Compliance … and That’s Okay
(HIPAA, CCPA/CPRA, GDPR, 23 NYCRR Part 500, CMMC, PCI, FISMA, FERPA)
Thursday, February 18, 2021
Meeting old and new security requirements is about to change. For the first time, all requirements, even version 4.0 of the PCI DSS, are going to be driven by risk. What does that mean exactly? Each organization will need to decide what its definition of “acceptable risk” is, not only for the organization, but for its clients and business partners as well as the general public. Those who could be harmed by your service or product, or by how you conduct business, need to be considered in the risk equation.
To address these issues, the next Midwest Cyber Security Alliance virtual meeting will offer an update on some familiar topics including the concept of “reasonable controls” and “acceptable risk.” These terms have permeated our security regulations and standards over the last decade and have plagued organizations just as long — until today. Quite recently, regulators, judges, and security experts have all agreed to a common calculus to determine if an organization has reasonable controls. During this session, we will dissect the Sedona Conference’s new proposed legal test for reasonable security controls based on $B_2 - B_1 < (P \times H)_1 - (P \times H)_2$.
Understanding and leveraging the legal definition of “reasonable” will certainly have its advantages — please join Foley and HALOCK Security Labs on Thursday, February 18, 2021, for a discussion on what it is and how it can be applied to your organization.
There is no fee to attend this event, but advance registration is required. To register, please click on the RSVP button below.
NOTE: Upcoming MCSA meetings will be hosted virtually until it is safe to gather in person again. While we miss connecting with everyone from the scenic 40th floor of our Milwaukee office, we look forward to expanding participation to our colleagues and peers located outside of the Milwaukee–Chicago corridor!
Jennifer L. Urban, CIPP/US
Foley & Lardner LLP
Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001
HALOCK Security Labs
The Midwest Cyber Security Alliance (MCSA) is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professional firms advocating for more effective cybersecurity solutions. MCSA’s mission is data privacy and security through education, specifically, cyber preparedness and security awareness. The organization is a meeting place for all cybersecurity stakeholders, in every industry, to collaborate on current cyber threats as well as cyber defenses and strategies.
Foley & Lardner LLP will apply for CLE credit after the program, wherever applicable. Foley & Lardner LLP certifies that this activity has been approved for California MCLE credits by the State Bar of California in the amount of 1.0 General credit. Foley & Lardner LLP is a State Bar of California MCLE approved provider. Please note that participants must be in attendance on the date of the event; credit may not be obtained by viewing and/or listening to a program recording after the event. Certificates of attendance will be distributed to eligible participants approximately eight weeks after the program via email.
Important Information for New York Attorneys: This program is appropriate for experienced attorneys only.
This program may be eligible for continuing privacy education (CPE) credit toward CISA, CISM, CGEIT, and/or CRISC certifications and maintenance. Please visit the ISACA website to review the specific CPE requirements for your certification and verify whether the topic(s) addressed in this program align with one or more of your certification’s job practice areas: CISA, CISM, CGEIT, CRISC. If determined to be eligible, you may pick up a copy of the ISACA Verification of Attendance form onsite during the program.