By Bill Brenner
July 30, 2008
In the wake of a data breach, the company's top brass may go looking for
someone to blame. If you are the security chief, chances are it's going
to be you.
It doesn't matter that you warned executives repeatedly that certain
technological or cultural flaws were putting the company at risk, or
that you had to maintain security with a shoestring budget and little or
no staff. Chances are you'll take the fall whether you deserve it or
not, says George Moraetes, a Chicago-based security contractor and
executive board advisor for security event management firm
He has watched as some of his CSO acquaintances were blamed for a
security failure or dismissed for trying to blow the whistle over the
company's security holes.
"One friend of mine, the CISO of a credit bureau, blew the whistle on a
security auditor who wasn't following best practices and was making
reporting discrepancies," says Moraetes, an independent consultant. "The
auditor was a friend of the top brass, and the CISO was let go. I know
of three others in Georgia who were fired or demoted for similar
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com