- If the question is who is ULTIMATELY liable, the answer is Senior Leadership. This does not mean you are not liable; you may be, that depends on Due Care. Who is held accountable, who is to blame, who should pay?
- Due Diligence and Due Care:
- Due Diligence – The research done to build the IT Security architecture of your organization: best practices and common protection mechanisms, and researching new systems before implementing them.
- Due Care – Prudent Person Rule – What would a Prudent Person do in this situation?
- Implementing the IT Security architecture and keeping systems patched. If compromised: fix the issue and notify affected users (follow the Security Policies to the letter).
- Negligence (and Gross Negligence) is the opposite of Due Care.
- If a system under your control is compromised and you can prove you exercised Due Care, you are most likely not liable.
- If a system under your control is compromised and you did NOT exercise Due Care, you are most likely liable.
IT & Cyber Security trainer
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.