Mark Samuels of ZDNet recently asked, "The CISO, the CIO, the CEO, or you: Who is really responsible for cybersecurity?" The article examines who should be held responsible for data security, both in the planning and in the aftermath. Polling five industry experts for insights, the article looks at the importance of:
- Making security the responsibility of every employee
- Realizing that threats cannot be solved through purchases
- Managing the perils of mobile device ownership
- Getting C-level support for governance initiatives
- Creating a pragmatic, risk-aware culture
Throughout the article, the industry experts agree that although employees should feel that data security is their personal responsibility, ultimately only company owners, C-level employees or boards of directors are responsible for data security and are held accountable if a breach occurs. Everyone has an individual responsibility for data security, but an organization's culture of security needs to be embedded top-down. Strong IT management and layered security technologies play their part, but organizations also need to stay on top of risk assessments, security policies and employee training in order to mitigate data security risks.
The article offers a lot of common-sense insights into prioritizing security in all areas of the business. Read it in full here.
This article mirrors a discussion between Ginger Hill of Security Today and Absolute’s Stephen Treglia on the legal implications of data breaches when it comes to responsibility. In the end, the organization is responsible for data breaches, but much can be done in terms of technology, education and well-managed device security programs to mitigate data breaches and provide an audit trail should a device go missing.
When it comes to device management and security, Absolute is the industry leader. Learn more at Absolute.com