http://www.techworld.com/security/news/index.cfm?newsID=11924 By John E. Dunn Techworld 08 April 2008 A growing number of security pros believe that the way to stop data breaches from happening is simple as it is stark - send the CEOs or board members deemed responsible to jail. The opinion emerged from a survey by security mainstay Websense at the recent UK e-Crime Congress, which polled 107 security professionals on their opinions. Seventy-nine percent believed that companies should be fined for data breaches . something that does already happen in some cases in the UK . while 59 percent were in favour of compensation for consumers affected by a breach. The most striking view of all was that the time had come to punish serious data breaches with jail time for senior staff, with 25 percent rating that as a necessary step. Only three percent were against any form of legally-enforceable punishment. Although this was a small poll of the sort that IT companies regularly drum up to use as PR after industry shows, the numbers give another indication of the changing attitudes towards the well-paid captains when it comes to taking responsibility for security. And how about the number of respondents who believed that the IT department should bear ultimate responsibility? A meagre five percent. Almost all agreed that the world now needed a global body to oversee cooperation on data security, complete with the power to enforce action. The tendency to point the finger of blame at company boards probably has something to do with the apparent causes of poor security. Forty-five percent thought this was down to cost . boards are often blamed for not spending enough unless forced to . while 45 percent also named the fact that data security just wasn.t high enough on the list of company priorities. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Wed Apr 09 2008 - 01:29:29 PDT