That they have not hired the right leadership for security, implemented the right program, and then taken the correct tactical steps (for Gawker: exercising an incident response plan, implementing password complexity and use requirements, having an intrusion management strategy, having a data breach plan) in the context of an overall information security strategy.

FORBES: Discussing Gawker's Breach With Founder Nick Denton

The CEO must be able to create core processes, to have a strategy, to develop a performance management system, to organize and plan.

FORBES: A Global Leader's Perspective on CEO Leadership: Part One

The new strategy was first outlined in the December 2010 25-Point Implementation Plan to Reform Federal IT Management.

WHITEHOUSE: Introducing the IT Shared Services Strategy