http://www.veracode.com/blog/2007/09/security-policy-without-enforcement-doesnt-work/ Application security testing, analysis, and metrics Tue, 15 May 2012 22:16:53 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://www.veracode.com/blog/2007/09/security-policy-without-enforcement-doesnt-work/comment-page-1/#comment-564 Dave Lewis Sat, 15 Sep 2007 18:33:34 +0000 http://www.veracode.com/blog/?p=60#comment-564 This is one of the most maddening parts of the job in information security. There seems to be a almost tacit agreement among HR folks to NOT enforce policy when it comes to internal employees who have violated policy. Time and again I have heard the refrain "oh, it was just this one time." Rather disconcerting. This is one of the most maddening parts of the job in information security. There seems to be a almost tacit agreement among HR folks to NOT enforce policy when it comes to internal employees who have violated policy. Time and again I have heard the refrain “oh, it was just this one time.” Rather disconcerting.

]]> http://www.veracode.com/blog/2007/09/security-policy-without-enforcement-doesnt-work/comment-page-1/#comment-562 Liquidmatrix Security Digest » Security Briefing: September 14th Fri, 14 Sep 2007 14:07:50 +0000 http://www.veracode.com/blog/?p=60#comment-562 [...] Security Policy Without Enforcement Doesn’t Work [...] [...] Security Policy Without Enforcement Doesn’t Work [...]

]]>