Re: No more Mr Nice Guy
“ why is putting company directors inside not do-able? ”
Directors direct, workers do.
Typically directors will issue instructions that can be vague and open to interpretation.
If a director issued a directive to ensure compliance, and something was found that wasn’t in compliance was it the directors fault or the manager responsible for the thing not in compliance or the team or individual who was responsible for the compliance? What if a 3rd party pen test was done that didn’t find it? What if it was secure originally and something changed after and no one noticed?
The director can’t be expected to have expert knowledge in everything they are responsible for, that’s why they have lots of people in their directorate.
If the director deliberately instructed something to be insecure then yes they should go to jail. If the director wasn’t woolly enough in their instructions leading to questions about their leadership then they will be the scapegoat and find hey don’t survive in that job and may not get another directorship.
Biting the hand that feeds IT
