Have you ever "whitewashed" a real security risk?
Yes, on my own10%
Yes, because I was asked33%
No, but I have been asked17%
No, and never been asked39%
1127 PARTICIPANTS
Sort By:
Oldest
Board Member, Advisor, Executive Coach in Software4 years ago
My view is that we all need to be careful of the "coaching" we may get and understand if we are being coached on how to manage the message around risks to other so a productive discussion can occur or is someone "coaching" to massage the message to "white wash it" or "water it down" so it doesn't appear so bad ... I have had both experiencesBoard Member, Advisor, Executive Coach in Software4 years ago
WOW - 76% have either white washed risk or have been asked to ...Director of Information Security in Energy and Utilities3 years ago
I agree it seems very unrealistic. Most likely people didn't quite get the actual question of what it means to "whitewash". Im fairly certain its 76% who have done it to a degree where you needed to help close a security assessment/complete business deal.
Director of Product Management in Software4 years ago
How should you respond when asked to white-wash a security risk? How does the CISO protect themselves from unfairly taking the blame and being held liable? check out: https://www.pulse.qa/post/how-respond-asked-to-white-wash-security-risk-how-ciso-protect-themselves-unfairly-taking-blame-being-held-liableDirector of Information Security in Energy and Utilities3 years ago
this is a dangerous territory. Make sure you check in with your self ethic dept.CIO in Services (non-Government)3 years ago
Never