DRIVEN BY BUSINESS
Achieving Balanced Cybersecurity

Achieving a well-balanced cybersecurity program can be one of the most difficult initiatives an organization undertakes. Technology is integrated into almost every aspect of building a business and therefore, so too should be cybersecurity. That being said, we recognize that the pressures on the business to remain nimble and quick do not always align with the need to protect the business. How does your organization achieve a balance that you can defend to your stakeholders?

THIS IS HOW WE DO IT

BY KNOWING THE LEGAL REQUIREMENTS
Legal Threshold & The Standard of Care
The standard of care is the legal threshold that reduces your exposure to negligence.
BENCHMARK CASES
United States v. Carroll Towing Co.
is a decision from the 2nd Circuit Court of Appeals that proposed a test to determine the standard of care for the tort of negligence.
Caremark International Inc Derivative Litigation
is a civil action that came before the Delaware Court of Chancery. It is an important case in United States corporate law and discusses a director’s duty of care in the oversight context. It raised the question regarding compliance, “what is the board’s responsibility with respect to the organization and monitoring of the enterprise to assure that the corporation functions within the law to achieve its purposes?” Chancellor Allen wrote the opinion.
AND IMPLEMENTING THEM OPERATIONALLY
Characteristics of The Standard of Care
The standard of care is the degree of prudence and caution required of an individual who is under a duty of care.

CHARACTERISTICS

Reasonable
In the law of Negligence, the reasonable person standard is the standard of care that a reasonably prudent person would observe under a given set of circumstances. This cannot be done alone and requires insight into the internal control posture of your peers.
Current
The standard of care is based on the current state of the environment in which you are participating. This applies not only to your own posture but also to your awareness of your peers. The fact that you meet the standard today is not relevant if your peer group materially improves its maturity, leaving you exposed to cyber risk.
Over Time

The standard of care is not a point-in-time threshold, meaning that you must have visibility throughout the year to ensure that you have met the reasonable standard at the point of the event. Since most security events happen outside of a scheduled window, this means that you must be aware at all times.