Chief Information Security Officers Bear Brunt of Data Breach Responsibility

By ISBuzz Team
Writer, Information Security Buzz | May 06, 2015 05:05 pm PST

Tripwire survey examines views of information security professionals at annual IT security conferences

Tripwire, Inc., a leading global provider of advanced threat, security and compliance solutions, announced the results of a survey of 250 attendees at RSA Conference USA 2015 and BSidesSF 2015 in San Francisco, California.

In spite of pervasive vulnerability to devastating cyber attacks across a broad range of industries, information security experts attending two of the industry’s leading conferences believe that C-level technology executives would and should be held responsible for data breaches, according to the survey.

When asked, “Who would be held responsible in the wake of a data breach on critical infrastructure in your organization,” 41 percent of survey respondents said “CIO, CISO or CSO.” When asked, “Who should be held responsible in the wake of a data breach on critical infrastructure in your organization,” 35 percent said “CIO, CISO or CSO.” Only 18 percent of respondents believe the chief executive officer would be held responsible and only 10 percent believe the company board would be held responsible.

“Cyber security liability is difficult to assign because you have to determine who knew about the risks, and then you have to figure out what they did, or did not do about them,” said Ken Westin, senior security analyst for Tripwire. “If the CEO is made aware of security risks and does not provide the resources or plans to fix them, they own some of the responsibility. On the other hand, if the CISO does not share information about risk in a format that the CEO can understand, or fails to deploy the security controls and monitoring necessary to identify potential risks, then a greater share of the responsibility falls on her. However, cyber security is a team sport that requires active support across the organization and from all levels of the executive team.”

About Tripwire


Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.