http://www.csoonline.com/article/440108/Data_Breach_Fallout_Do_CISOs_Need_Legal_Protection_

By Bill Brenner
Senior Editor
CSO Online
July 30, 2008

In the wake of a data breach, the company's top brass may go looking for someone to blame. If you are the security chief, chances are it's going to be you.

It doesn't matter that you warned executives repeatedly that certain technological or cultural flaws were putting the company at risk, or that you had to maintain security with a shoestring budget and little or no staff.

Chances are you'll take the fall whether you deserve it or not, says George Moraetes, a Chicago-based security contractor and executive board advisor for security event management firm IdentityLogix. He has watched as some of his CSO acquaintances were blamed for a security failure or dismissed for trying to blow the whistle over the company's security holes.

"One friend of mine, the CISO of a credit bureau, blew the whistle on a security auditor who wasn't following best practices and was making reporting discrepancies," says Moraetes, an independent consultant. "The auditor was a friend of the top brass, and the CISO was let go. I know of three others in Georgia who were fired or demoted for similar reasons."

[...]

Received on Fri Aug 01 2008 - 02:06:27 PDT