The Questions a Judge Will Ask You After a Data Breach

  • TYPE: Keynote
  • DATE: Wednesday, October 09, 2019
  • TIME: 09:30-10:00
  • LOCATION: Ballroom

If you are breached and your case goes to litigation, you will likely be asked to demonstrate “due care” and that your controls were “reasonable.” Many are surprised to learn that a breach by itself does not constitute negligence in most cases. But judges will ask a set of questions that help them determine whether your controls were reasonable. These questions bear a close resemblance to information security risk assessments; they both try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. This presentation will explain judicial balancing tests, how they relate to regulatory definitions of “reasonable” risk, and how to conduct risk assessments that prepare you to answer the tough questions before you need to be asked.
Attendees will learn:
- How to define “reasonable” in a way that makes sense to business, judges, and regulators.
- How to design and run a risk assessment that is meaningful to technicians, business, and authorities.
- Lessons from case studies involving regulatory oversight, lawsuits that happened, and lawsuits that never happened.


Chris Cronin is the Principal Author of CIS RAM (Center for Internet Security Risk Assessment Method). Chris has acted as expert witness and has conducted risk assessments to support regulatory compliance, incident response planning, regulatory oversight, and ISO 27001 certification....

Washington, D.C. - USA


CyberNext Summit 2019

Registration fee:
€1000.00 $1250.00 S$1600.00 11000.00 kr
Contact person:

Mr. Levent Kara
+49 211 23707710
  • Oct 08 - 10, 2019 Washington, D.C. - USA