
SSCP Question #528: Real Exam Question with Answer & Explanation

The correct answer is B: They have not exercised due care protecting computing resources.

Submitted by valeria.br · Apr 18, 2026 · Security Concepts and Practices

Question

Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

Options

  • A. The company is not a multi-national company.
  • B. They have not exercised due care protecting computing resources.
  • C. They have failed to properly insure computer resources against loss.
  • D. The company does not prosecute the hacker that caused the breach.

Explanation

Culpable negligence holds executives personally liable when they fail to exercise due care, meaning they did not take reasonable, prudent steps to protect computing resources. Due care is the legal standard requiring that organizations implement safeguards a reasonable person would implement. Insurance (C), prosecution of attackers (D), and company size/nationality (A) are not the determining factors; the failure to apply due diligence and due care in protecting assets is what establishes liability.

Topics

#Culpable Negligence #Executive Liability #Due Care #Information Security Governance
