The senior management of an organization has the duty of protecting the organization from losses as a result of natural disasters, malicious code, compromise of proprietary information, damage to reputation, violation of the law, employee privacy suits, and stockholder suits.
Senior management must adhere to the prudent man rule, which obligates them to perform their duties with the same diligence and care that ordinary, prudent people would exercise under similar circumstances. Exercising due care means that senior management must apply mechanisms to prevent the organization’s IT infrastructure from being used as a tool to attack another organization’s IT system. A senior manager who fails to follow the prudent man rule would be liable under the Federal Sentencing Guidelines of 1997.