tag:blogger.com,1999:blog-21995415.post6875462460526979456..comments2024-02-01T11:08:01.659-05:00Comments on Matt Flynn: Information Security | Identity & Access Mgmt.: The C-Level execs take the fallMatt Flynnhttp://www.blogger.com/profile/09902381553517250020noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-21995415.post-506737461370986702008-04-16T10:50:00.000-04:002008-04-16T10:50:00.000-04:00Interesting perspective - thanks Alex. I already ...Interesting perspective - thanks Alex. I already pointed to the recent <A HREF="http://www.gartner.com/it/summits/risk2/index.jsp" REL="nofollow">Gartner GRC event</A> where a number of speakers discussed this and clearly had a different opinion. They even cited specific companies who's CEOs were affected but I unfortunately don't have a recording. I wonder if someone else could weigh in? <BR/><BR/>Ultimately, I believe it's the CEO who should be responsible for managing business risk since it affects the bottom line. And information security is a byproduct of business risk. We certainly have seen if nothing else that the CEOs at <A HREF="http://www.tjx.com/tjx_message.html" REL="nofollow">TJX</A>, <A HREF="http://www.hannaford.com/credit_card_security/" REL="nofollow">Hannaford</A> and others put their signatures on the customer apology letters. They may not lose their jobs, but they certainly spend time and effort cleaning up the mess for what is usually considered an IT issue. Sec. Rice was on TV and in the news because of the political nature of this story, but her involvement was similar to that of the TJX and Hannaford CEOs – <I>sorry and assurance</I>.Matt Flynnhttps://www.blogger.com/profile/09902381553517250020noreply@blogger.comtag:blogger.com,1999:blog-21995415.post-70409844031514952612008-04-16T07:11:00.000-04:002008-04-16T07:11:00.000-04:00Really, I expect that this "CEO" is taking the hea...Really, I expect that this "CEO" is taking the heat because it's a political thing involved in a presidential race. <BR/><BR/>I'm sure they exist, but I'm challenged to think of any other CEO that has been forced to resign by the board because of a security breach. TJX, DSW, SocGen... So to me, this would be an outlier rather than the norm.Anonymousnoreply@blogger.com