A CISO's Guide to Avoiding Jail After a Breach
Yahoo, Uber, SolarWinds -- increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?
Sullivan to the so-called Commission on Enhancing National Cybersecurity. Four years later, Sullivan was researching prisons, and how to stay safe and sane while on the inside.
He was a strangely cast felon, having spent the first eight years of his career moving up the ladder at the US Department of Justice, and the following half-decade as an assistant US attorney. He'd even prosecuted the first-ever case pertaining to the Digital Millennium Copyright Act (DMCA), United States v. Elcom Ltd., on behalf of the government.
Suffice it to say that few people on earth understood the laws, the business, and the reality of cybersecurity better than Sullivan did. But for having mishandled a major data breach in November 2016, he's still defending himself in court to this day.
"The US government has so much power, and it can steamroll people in a really unfair way," says Jess Nall, a partner at Baker McKenzie LLP. "What's evolved in the last 10 years is that CISOs and other information security professionals -- including privacy and data security lawyers, and other infosec personnel -- are getting thrown under the bus when major cyberattacks happen."