Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
A CISO's Guide to Avoiding Jail After a Breach
Yahoo, Uber, SolarWinds -- increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?
1 Min Read
_Michael_Burrell-Alamy.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale "gloved patriotic dressed hand holding get out of jail card")
MICHAEL BURRELL VIA ALAMY STOCK
Sullivan to the so-called Commission on Enhancing National Cybersecurity. Four years later, Sullivan was researching prisons, and how to stay safe and sane while on the inside.
He was a strangely cast felon, having spent the first eight years of his career moving up the ladder at the US Department of Justice, and the following half-decade as an assistant US attorney. He'd even prosecuted the first-ever case pertaining to the Digital Millennium Copyright Act (DMCA), United States v. Elcom Ltd., on behalf of the government.
Suffice it to say that few people on earth understood the laws, the business, and the reality of cybersecurity better than Sullivan did. But for having mishandled a major data breach in November 2016, he's still defending himself in court to this day.
"The US government has so much power, and it can steamroll people in a really unfair way," says Jess Nall, a partner at Baker McKenzie LLP. "What's evolved in the last 10 years is that CISOs and other information security professionals -- including privacy and data security lawyers, and other infosec personnel -- are getting thrown under the bus when major cyberattacks happen."
About the Author
You May Also Like
More Insights
