Submitted via IRC for SoyCow5743
On Friday, Equifax announced that two top executives would be retiring in the aftermath of the company's massive security breach that affected 143 million Americans.
According to a press release, the company said that its Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, would be leaving the company immediately and were being replaced by internal staff. Mark Rohrwasser, who has led Equifax's international IT operations, is the company's new interim CIO. Russ Ayres, who had been a vice president for IT at Equifax, has been named as the company's new interim CSO.
The notorious breach was accomplished by exploiting a Web application vulnerability that had been patched in early March 2017.
However, the company's Friday statement also noted for the first time that Equifax did not actually apply the patch to address the Apache Struts vulnerability (CVE-2017-5638) until after the breach was discovered on July 29, 2017.
Source: https://arstechnica.com/tech-policy/2017/09/equifax-cio-cso-retire-in-wake-of-huge-security-breach/
(Score: 4, Insightful) by Anonymous Coward on Monday September 18 2017, @12:07PM
All the way down, but it should always start from the very top. Most often, someone at the bottom just takes the blame.
It should be, the CEO gets the blame, takes the responsibility, but if he can show his reports were doing an improper job then he can move part of the blame to them. Only part, because he is still responsible for hiring/promoting them, for checking and verifying they do a proper job, ...
It doesn't work in the other direction: if an employee says "we should do X because of this thing Y" and his superior says no, the employee can't fire his boss.