Hacker News new | ask | show | jobs
by smileysteve 2998 days ago
Pull the plug.

The final "stick" and reason for a C in the title is the responsibility to shut down the data (and website) until such a point it can be secured.

It's should be considered more of a fiduciary duty (protect shareholders, customers) to protect data as making the right investment or HR decisions.
2 comments
tptacek 2998 days ago
"Pulling the plug" is almost never a capability provided to a company security team.
link
tedunangst 2998 days ago
What happens when the CIO plugs it back in?
link
smileysteve 2996 days ago
The CIO then accepts full liability.
link