November 9, 2021 virtual chapter meeting


6:00PM – 6:15PM: Chapter Updates

6:15PM – 7:30PM: speaker - "The 8 Questions a Judge Will Ask You After a Data Breach" by Terry Kurzynski

7:30PM - 7:45PM - (ISC)² Silicon Valley Chapter 2022 Board of Directors election

7:45PM - 8:00PM: Member Round Table - Start with introductions. What is everyone up to? How is everyone doing?

Speaker: "The 8 Questions a Judge Will Ask You After a Data Breach" by Terry Kurzynski

Abstract: What is “reasonable” security? If you are breached and your case goes to litigation, you will be asked to demonstrate “due care.” This is the language judges use to describe “reasonable.” Organizations must use safeguards to ensure that risk is reasonable to the organization and appropriate to other interested parties at the time of the breach. This presentation references case law, regulatory oversight, and the Center for Internet Security Risk Assessment Method (CIS RAM), with a discussion on the future implications of this approach toward defining reasonableness. CIS RAM is based on the Duty of Care Risk Analysis standard ( and is recognized by attorneys, regulators and interested parties for its ability to demonstrate reasonable implementation of controls.

Learning Objectives:

  • Define risk assessment criteria so they allow for comparison, reflect the organization’s values, and will hold up to public scrutiny.

  • Model and select threats that are relevant to information assets and controls.

  • Estimate the likelihood of risks.

This presentation is an update of the one he presented at (ISC)² 2019 Security Congress.

About the speaker: Terry Kurzynski (CISSP, CISA, PCI QSA, ISO 27001 AUDITOR), Senior Partner at HALOCK Security Labs

With a background in cyber security, networking, application development, audit, project management, and consulting, Terry has a unique skill set in providing strategic advice to clients. Terry is a Board Member of The DoCRA Council and a contributing author of the CIS Risk Assessment Method (RAM). Terry is a CISSP, CISA, PCI QSA, and ISO 27001 Auditor with over 25 years of experience in IT and Security Consulting. He Graduated from the University of Wisconsin with a B.S. in Computer Science.

Pre-registration required

Where: online Zoom webinar

When: November 9, 2021 06:00 PM Pacific Time


Calendar: iCal download, Google Calendar or scan QR code image

Pre-registration is required. Registration ends automatically at the scheduled start time.

After registering, you will receive a confirmation email containing information about joining the meeting.

In order to process CPEs (Continuing Professional Education points) for members, please double check your (ISC)² member number is entered correctly.

  • We will use Zoom's webinar attendance report to compute attendees' CPEs. To get the full 2 CPEs for the meeting requires attendance from the scheduled start time to the end of the meeting. Late arrivals and/or early departures will receive CPEs based on minutes attended, rounded down to 0.25 CPE increments.

  • If you need to self-submit your CPEs for any reason (such as not entering an (ISC)² member number), use 1 CPE per hour in 0.25 CPE increments for the portion of the 2 hours you attended. If the meeting ends before 2 hours, full attendance still counts for 2 CPEs.