The Rise of Reasonable Security

Previously held on November 12, 2024

Through tort principles and new state data privacy laws, we are seeing the rise of “reasonable” cybersecurity — the duty of care that a reasonable organization owes its customers. However, no one has effectively defined it. In this panel, experts — technical, legal, and public policy — discuss key issues and challenges to this problem, examples of progress, and opportunities to improve cybersecurity at scale.

What You'll Learn

  • How the evolution of federal cybersecurity law warrants a universally accepted definition of reasonableness
  • How state data privacy laws require businesses to implement robust strategies to secure citizens' data
  • How five states leading the way define reasonable security

 

 


Moderator

Curt Dukes
Executive Vice President and General Manager, Security Best Practices, CIS

Curtis W. Dukes joined CIS as the Executive Vice President and General Manager of the Best Practices and Automation Group in January 2017. The CIS Benchmarks™ and CIS Controls™ program provides vendor-agnostic, consensus-based best practices to help organizations assess and improve their security. Prior to CIS, Curt served as the Director, Information Assurance for the National Security Agency, Central Security Service. In that role Curt was responsible for securing systems that handle classified and critical information for military and intelligence activities.

Dukes joined the National Security Agency in 1984 as a Computer Scientist. He served in a variety of organizations within NSA, and earned the Distinguished Executive, Meritorious Executive, as well as Exceptional Performance and Meritorious Civilian Service Awards. He completed an overseas assignment and an intelligence community assignment for the Department of Defense. In Germany, Curtis had operational responsibilities for implementing Information Assurance activities across the European command. Following his community assignment, he became Deputy, then Chief of the Network Architecture and Applications Division, then Chief of the Systems and Network Attack Center. He later led highly skilled technical workforces as Director NSA/CSS Commercial Solutions Center. His last roles of responsibility at NSA were Deputy Director, then Director, of the Information Assurance Directorate.

Dukes earned a Bachelor’s Degree in Computer Science from the University of Florida, and a Master’s Degree in Computer Science from Johns Hopkins University. He is a 2004 graduate of the Intelligence Community Officer Training Program.

Panelists

Kirk Herath
CyberOhio, State of Ohio

Kirk Herath is currently Ohio Governor Mike DeWine and Lt. Governor Jon Husted’s Cybersecurity Strategic Advisor and Chairman of CyberOhio, the State of Ohio’s Cybersecurity Advisory Board. His role spans coordinating and enhancing the State of Ohio’s cybersecurity capabilities, working with local governments to prepare for and remediate cyber-attacks, and helping to build a modern cyber workforce.

Kirk is also an Adjunct Professor of Law at both Ohio State’s Moritz School of Law and Cleveland State’s Cleveland-Marshall Law School. He retired as VP, Associate General Counsel and Chief Privacy Officer for Nationwide after 32 years. Kirk is also a Principal at Pillars Consulting Group, where his practice focuses on data protection organization design, privacy practices and cybersecurity law. He also focuses on mentoring the next generation of privacy, data governance and technology leaders.

 

Samuel Thumma
Phoenix, Arizona

Judge Samuel Thumma has served on the Arizona Court of Appeals, Division One since 2012, serving as Chief Judge for two years ending in 2019 and Vice Chief Judge for two years before that. Before being appointed to the Court of Appeals, he served as a Judge on the Arizona Superior Court, Maricopa County for nearly five years, presiding over criminal and juvenile matters (including nearly 250 trials) and serving as an elected member of the Judicial Executive Committee.

Nationally, Judge Thumma is a Uniform Law Commissioner, where he is a member of the Scope & Program Committee, chairs the Drafting Committee on Updating the Uniform Determination of Death Act and is a member of the International Legal Developments Committee and the Committee to Monitor Developments in Civil Litigation and Dispute Resolution. Previously, he chaired the Drafting Committee for the Uniform Employee and Student Online Protection and Privacy Act (2016). He has been a member of the American Law Institute since 2003 and serves as an Adviser to the Restatement of the Law (Third) of Torts: Remedies. He chairs the American Bar Association’s Judicial Division Appellate Judges Conference and is an officer on the Appellate Judges Education Institute, Inc., Board of Directors. Judge Thumma also serves as Judicial Division Liaison to the ABA Section of Litigation. By appointment of the National Center for State Courts, he serves on the Joint Technology Committee, a cooperative effort of the NCSC, the Conference of State Court Administrators, and the National Association for Court Management.