Systems Security Certified Practitioner – SSCP – Question0647

Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

A. The company is not a multi-national company.
B. They have not exercised due care protecting computing resources.
C. They have failed to properly insure computer resources against loss.
D. The company does not prosecute the hacker that caused the breach.

Correct Answer: B

Explanation:

Culpable negligence is defined as: recklessly acting without reasonable caution and putting another person at risk of injury or death (or failing to do something with the same consequences).
Where a suspected security breach has been caused (through wilful intent or culpable negligence) disciplinary action may be sought in line with the appropriate misconduct guidelines for internal employees.
By not exercising Due Care and taking the proper actions, the executives would be liable for losses a company has suffered.
Reference(s) used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation, and http://www.thefreedictionary.com/culpable+negligence