Do you need a CSO?

This article was generated in response to a survey that found that 24% of companies surveyed had a Chief Security Officer.

I have always believed that responsibility for an organization’s security should rest on the shoulders of someone. Let’s face it despite the constant barrage of news stories about breaches, cyber extortion, and targeted attacks there is no stronger motivation for taking action within the corporate world than the fear of losing your job.

I have known far too many IT Security people who feel their responsibility ends with a memo; the infamous CYA memo that warns of an exposure and that protects you from getting fired when the outage finally occurs.

So, there is a vital position at most organizations whose job description should read: “If we suffer an outage or business loss due to careless security practices you get fired.