The challenge we sometimes face is how to characterize that responsibility. Is our responsibility to limit liability for our organizations? Or is it a duty of care to the people whose information we store? What values are we using when we make decisions about cyber risk, and what bias do those values create in our decisions? Are we forwardlooking enough, or will the decisions we make to fix our problems today create other problems in the future? As Benjamin Franklin once said, “All human situations have their inconveniences. We feel those of the present but neither see nor feel those of the future; and hence we often make troublesome changes without amendment, and frequently for the worse.” As security and privacy professionals, a key part of our role is to ensure the right dialogue and debate occurs. We need to ask “high-contrast” questions that sharply define the implications of the choices our organizations make. We need to make sure that the opportunities are as clearly defined as the obligations to mitigate risk, so that our organizations make the right decisions. And we need to take equal responsibility for the outcomes of those choices, as opposed to abdicating that responsibility solely to the business. Once the choice is made, we must transition out of the debate about what is right and focus on taking the right actions—on making tomorrow better than today.
Listed by Unglue.it.
