In the wake of this month's LinkedIn password breach, rumors began circulating on Twitter that the social network lacked a chief information security officer (CISO), leading many commentators to posit that the company hadn't treated its information security program with sufficient respect. LinkedIn, however, quickly clarified that while it didn't have a CISO--or synonymous chief security officer (CSO)--job title on its org chart, there was indeed a senior-level employee in charge of its information security program.
The security facts of the LinkedIn breach, including how attackers managed to obtain databases with possibly 10 million or more access credentials, as yet remain unanswered. But the "lacks a CISO" criticism of LinkedIn--however misguided--is a reminder that senior executives must keep close track of their organizations' security postures, as well as the risk it poses to the business.
Read the full article here .