- Liability:
- If the question is who is ULTIMATELY liable, the answer is Senior Leadership. This does not mean you are not liable; you may be, and that depends on Due Care. Who is held accountable, who is to blame, who should pay?
- Due Diligence and Due Care:
- Due Diligence – The research done to build your organization's IT Security architecture: best practices, common protection mechanisms, and researching new systems before implementing them.
- Due Care – Prudent Person Rule – What would a Prudent Person do in this situation?
- Implementing the IT Security architecture and keeping systems patched. If compromised: fix the issue and notify affected users (follow the Security Policies to the letter).
- Negligence (and Gross Negligence) is the opposite of Due Care.