Finally, real responsibility’s getting real. A CEO has to take personal responsibility for an incidental security miss.

So, after all the talk about ‘top management being accountable, and you can’t just delegate that’, we see that the buck indeed stops where it should. Or, well, it stops there, too; probably, down the line some others may receive a slight dent in their bonuses (up high) or get fired on the spot (lower down). But, for once, the blame doesn’t run downstream all too cleanly until it reaches the bottom.

Oh how wonderful it would be if, if this would become the standard. Then finally those in InfoSec and ITSec would get the appropriate (!) budgets…

Oh my! I forgot to mention Cyber …! Just sprinkle it around in the above piece, to make it hip and modern as if I understand everything new in the world – or it proves I don’t, par excellence…
#ditchcyber / #wegmetcyber you know.
So, here’s your picture:
[Hi, Ludwig!]


About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile
This entry was posted in ERM, GRC, Information Risk Management. Bookmark the permalink.

Your comments are welcomed!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s