Should executives go to jail over cybersecurity breaches?
Journal of Organizational Computing and Electronic Commerce (IF 2.0), Pub Date: 2019-01-02, DOI: 10.1080/10919392.2019.1568713
Dave Chatterjee

Abstract: The Consumer Data Protection Act, a new bill introduced by Senator Ron Wyden, proposes “jail time of up to 20 years for executives who knowingly sign off on incorrect or inaccurate annual certifications of their companies’ data-security practices.” The bill also recommends that companies be fined “up to 4 percent of their annual revenue.” While critics consider the penalties too harsh and severe, the proposed legislation reflects two key realities: a) active involvement and commitment of senior management is essential to achieving a high level of cybersecurity preparedness; and b) legislation and the fear of severe penalties (such as the Sarbanes-Oxley Act of 2002 and the European Union’s General Data Protection Regulation) are often necessary to motivate desired organizational behavior. In an increasingly digital ecosystem characterized by high levels of electronic connectivity, vulnerability to cyberattacks is growing. Organizations are in a perpetual state of breach, with rapidly expanding attack surfaces and evolving threat vectors. Protecting confidential data and related digital assets is becoming critical to survival and success. Senior management must come to terms with this new business reality and give strategic priority to cybersecurity preparedness and investments. Research finds active involvement of top management in cyber risk mitigation initiatives to be a critical success factor and best practice. The onus is also on senior management to create a high-performance security culture founded on three key cornerstones: commitment, preparedness, and discipline. They must also lead the charge in establishing a cybersecurity governance structure characterized by joint ownership, responsibility, and accountability.

Updated: 2019-01-02