This is one of the key points I've advocated for several years in my articles and with my clients when dealing with preventing intellectual property theft by both employees and by contractors.
(You can read a lot more about that and download some articles here: http://www.ceruleanllc.com/Services/Consulting_IPSecurity.htm)
Frankly, requiring the chief security officer, compliance officer or risk officer to be accountable for information flow out of the company is akin to expecting the governor of a state to be accountable for stopping burglaries all over the state; it's just unrealistic. While the office (like the governor) may have ultimate accountability, responsibility for monitoring has to be pushed down to the people who can make the greatest impact at the swiftest level - the supervisors and managers of each functional level (much less the individual employees); again, no different than the mayor, police force (and individual citizens) in a town.
Data Security: Whose Job Is It Really?
Forrester has a recommendation for CISOs struggling with how to secure corporate data: Stop trying so hard.