Shocking … how can you be an online digital technology company and NOT have a CSO or CISO? We can see if you were an offline company and had delegated security responsibility to to some other C-level person or a VP or two. If your network gets compromised then at least you might still be able to provide your product or service manually. But if your company’s primary revenue is based on an ad- and subscription-based website and you don’t have infosec representation at the C-level, you are definitely starting off on the wrong foot. Oh and to answer that question … yes, we think so.
LinkedIn, the social network that’s investigating the pilfering of what could be more than 6.5 million of its members’ hashed passwords, has neither a chief information officer nor chief information security officer.
“We don’t currently have executives with those specific titles, but David Henke, senior vice president, operations, oversees the functions,” a LinkedIn spokesperson wrote in response to my inquiry.
LinkedIn isn’t the first technology company to experience a breach that has lacked a specific senior executive responsible for assuring the security of its data and systems. Two of the most prominent breaches of 2011 – to security provider RSA and consumer electronics giant Sony – occurred when neither of those companies had a CISO. Both, however, employed a CIO at the time.
LinkedIn has suffered a security breach with no CSO/CISO. Coincidence, or does this reaffirm the need for security representation at the C-level? Today’s post pic is from CarouselIndustries.com.