Security professionals proudly describe how they assign owners to their organizations’ data and those owners “assume the risk of any compromise of the data.” Give me a break! The owner is invariably some business-unit manager who just wants to get the job done. The manager will agree to practically anything to get his or her pet project completed on time. Assume the risk for any potential security breach? Sure. Any time. Where do I sign? Knowing full well that if something bad were to happen, it would be the security person who would most likely take the blame.
Classy Data (pt. 3) – Ownership and Risk
C. Warren Axelrod writes the column Sense of SecurityBy C. Warren Axelrod posted in CSO/CISO Perspectives, InfoSec Economics, Risk Analysis, Security Metrics • September 28, 2009 • 6:00am