[Dataloss] fringe: Data Breach Fallout: Do CISOs Need Legal Protection?

From: security curmudgeon (jerichoattrition.org)
Date: Fri Aug 01 2008 - 04:46:43 CDT


---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>

http://www.csoonline.com/article/440108/Data_Breach_Fallout_Do_CISOs_Need_Legal_Protection_

By Bill Brenner
Senior Editor
CSO Online
July 30, 2008

In the wake of a data breach, the company's top brass may go looking for
someone to blame. If you are the security chief, chances are it's going to
be you.

It doesn't matter that you warned executives repeatedly that certain
technological or cultural flaws were putting the company at risk, or that
you had to maintain security with a shoestring budget and little or no
staff. Chances are you'll take the fall whether you deserve it or not,
says George Moraetes, a Chicago-based security contractor and executive
board advisor for security event management firm IdentityLogix.

He has watched as some of his CSO acquaintances were blamed for a security
failure or dismissed for trying to blow the whistle over the company's
security holes.

"One friend of mine, the CISO of a credit bureau, blew the whistle on a
security auditor who wasn't following best practices and was making
reporting discrepancies," says Moraetes, an independent consultant. "The
auditor was a friend of the top brass, and the CISO was let go. I know of
three others in Georgia who were fired or demoted for similar reasons."

[...]
_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/dataloss
