Author: Michael Nossaman

CEO Take Responsibility

An all too common response in the aftermath of a security incident serious enough to draw scrutiny and criticism is for the organization’s CEO to declare, “I take responsibility.” If this mea culpa is proclaimed boldly enough and with an air of authenticity it might actually be viewed as noble and possibly garner enough sympathy to get them off the hook.

But, if the CEO had not previously been committed to security, what does “I take responsibility” really mean? It means, “I screwed up. I wasn’t paying attention to important stuff I should have been.”

Read More