Whose Responsibility is it Anyway?
It's so easy to pawn off responsibility onto someone else. We all do it at some point. But at what point do we need to be responsible? And who needs to be responsible? Quite often on projects we work with a whole lot of different people, teams or organisations towards the same end result. These days a project can have the business owner, the project team, IT, architects, P&C, some SaaS providers, an MSP and an MSSP. Why not throw in the whole alphabet with an IaaS platform and a security consultancy to do the independent assurance (Hi!)?
Who really is responsible? What are they responsible for? And what are our responsibilities to one another? Let's talk about it (and if your answer is the CISO, 9 times out of 10 you are probably wrong).