A recent survey conducted by Tufin Technologies, a provider of firewall
management software, finds that of the 242 IT professionals working at companies
with over 1,000 employees, 30 percent said they audited their firewall security
only once in every five plus years. So when those systems are ultimately
compromised, and then used to harm systems elsewhere, who should be liable?
Obviously, the perpetrator of the crime is primarily responsible. But shouldn't
the organization that failed to take reasonable security measure carry some
burden of the blame?
