Hacker News
by nwallin 2564 days ago
> government program that accepts responsibility for doing so.

We already have that.[0] But it doesn't do any good, because it's purely advisory; they need regulatory and enforcement power. We need an SEC for cybersecurity. Obama put Rod Beckstrom in charge of the National Cybersecurity Center, and that was great, but he resigned after a year because there was no funding behind it. It had been limping along since, but Trump deleted the position about a year ago.

The point is, if we want to fix this problem, we need the political will to hold people accountable instead of just telling people to not do stupid things. IT and Legal are cost centers in 99% of organizations; the difference is that if Legal and IT tell the C-suite "We need to do X or else bad things will happen," Legal gets listened to but IT doesn't. This is because if Legal's "do X" fails, the outcome is an expensive lawsuit, but the outcome of IT's "do X" is a blog post about their continuing commitment to the safety and security of their customers' privacy.

[0] https://en.wikipedia.org/wiki/National_Cybersecurity_Center_...