Sometimes performing a thought experiment helps motivate action. After the horrifying breach of OPM, many agency heads are probably thinking, “How can I ensure I never have to face a grilling by Congress for a failure to protect critical data?” That is the prevalent thought in DC today. I propose a slightly different way to think about it.
If you are an agency head, CEO, or responsible for a large project that involves lots of sensitive data, take a moment to do the following.
1. Take a walk. Get away from the office. Find a quiet place to sit and think.
2. Now imagine the worst-case scenario. You get a call from the FBI informing you of a breach (or from Brian Krebs if you are a bank, retailer, or online “dating” site). Ideally that call should come from your head of IT security, but the most poorly prepared organizations do not even know when they are breached (see Nortel). Your most valuable information has been stolen. You don’t know how, you don’t know when, and you don’t know who. It may even come as a surprise that you were entrusted with that particular set of data.
via Forbes - Leadership