What Executive Liability Means for a CISO
Varied Cybersecurity Executives Share Prevention and Protection Advice
Executive liability, where decision-makers face personal liability for making professional decisions, is a topic trending yet again as former Uber CSO Joe Sullivan was recently sentenced to probation and a fine for his role in covering up a data breach that affected tens of millions of Uber account holders.
It's crucial for executives to understand their role, build a relationship with the board and maintain clear and constant communication, said Rick Doten, CISO of Healthcare Enterprises and International subsidiaries at Centene Corp.
"Technical people don't make business decisions. As long as you know that, you defer up to the CEO or the board that this is a business decision, and it's not my decision," he said.
In this video of a panel discussion sponsored by CyberEdBoard and recorded at RSA Conference 2023 - Doten; Solomon Adote, chief security officer for the state of Delaware; Aravind Swaminathan, global co-chair for cybersecurity and data privacy at Orrick, Herrington & Sutcliffe; Rocco Grillo, managing director of global cyber risk services and incident response investigations at Alvarez & Marsal; and Ankur Ahuja, global vice president and CISO at Fareportal Inc. - also discuss:
- Juggling compliance with blocking and tackling cyberthreats;
- Interpretation of regulations that apply to distinct situations;
- How executives can protect themselves and their organizations from liability.
Doten is vice president of information security at Centene Corp., CISO for Centene's Healthcare Enterprise and international subsidiaries and CISO of Carolina Complete Health Medicaid health plan. With more than 25 years of experience, he has led several ethical hacking, incident response and forensics, and risk management teams.
Adote leads an information security program charged with protecting the Delaware state network, systems, applications and data. He has more than 20 years of experience in IT with a focus on cybersecurity. He designs information security programs and oversees the deployment of some of the industry's leading technologies.
As a strategic cybersecurity adviser, Swaminathan advises clients on cybersecurity strategy to plan for crises, improve resiliency, protect their business and defend against litigation and enforcement.
Grillo leads multidisciplinary teams who provide cyber risk and incident response services to clients globally. He and his teams work with the FBI, the U.S. Secret Service and other government agencies in combatting cyber crimes. His expertise in commercial sector challenges helped influence the development of the NIST Cybersecurity Framework.
Ahuja is responsible for securing all Fareportal digital brands, including CheapOair.com and OneTravel.com. He has more than 15 years of experience in cybersecurity consulting and industry leadership and is a security board adviser to Payworld and ZebPay.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.