Who Is Ultimately Accountable for Risks, Threats, and Vulnerabilities?

Executive management is ultimately accountable for controlling risks. Executives must explain why major security breaches occurred. They must rebuild trust with the public. They also have to rebuild confidence with shareholders and regulators.

To be accountable means to face consequences for failure to act. Some organizations find it difficult to apply consequences to top leadership. Worse yet are organizations that identify so many leaders as accountable that, for all practical purposes, no one is accountable.

As a result, not all organizations are capable of holding their leaders accountable. Accountability can come from external forces such as:

  • Public opinion—This can ...

Get Security Policies and Implementation Issues, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.