 What lawyers mean by ‘reasonable’ cyber security controlsChris Cronin
Cyber Security: A Peer-Reviewed Journal, 2020, vol. 3, issue 4, 315-329 Abstract: Regulators, litigators and cyber security standards require that cyber security controls should be ‘reasonable’. But rarely do these authorities define what the word means. Lawyers and regulators have long stated that reasonableness is a balance between protecting others from harm and using controls that are no more burdensome than the risks they reduce. They have illustrated this concept with a calculation that is remarkably similar to risk calculations used in cyber security risk management. This paper explores an accidental collaboration between the cyber security community, judges and regulators to define reasonableness, and demonstrates to readers how they can use risk analysis to defend their security programmes as reasonable. Keywords: reasonable; risk analysis; litigation; regulation (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2020:v:3:i:4:p:315-329 Access Statistics for this article More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.