[Dataloss] CEOs deserve jail for data breaches

[Max Hozven]

My 2 cents is that we should make sure that whistle-blowers are
protected
and a large portion of fines collected go to potential victims of
identity theft 
(as opposed to all going down some rat-hole of a government bureaucracy.

Sending CEO's to jail for actions of someone way down the food-chain
could have
the undesired effect of not having good people want to be CEO's anymore,
and in this
economic situation, we need all the good people we can get at the top.

-Max
 Note: Opinions expressed are that of myself only.

-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of Adam Shostack
Sent: Wednesday, April 09, 2008 10:17 AM
To: Mike Simon
Cc: security curmudgeon; dataloss at attrition.org
Subject: Re: [Dataloss] CEOs deserve jail for data breaches

On Wed, Apr 09, 2008 at 09:09:33AM -0700, Mike Simon wrote:
| It would be an amusing exercise to postulate what other kinds of 
| things CEOs should receive jail time for in light of this new concept.

| If they choose biofuel over fuel cells and loose a billion dollars for

| investors, even though everyone was telling them that fuel cells were 
| the way to go, should we lock

I think we should jail CEOs *and* security pros who get all the budget
they want, and still allow a breach.  

More seriously, it's easy to suggest that others go to jail for not
doing what we want.  I know of few professionals who'd want to accept
the risk of jail time for their errors or omissions.

So if you advocate CEOs in jail, be prepared to join them.

Adam

_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor
your traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml