|Will you break a security policy if you know it is neither enforced nor monitored AND that there can be no repercussions whatsoever (and YOU personally don't think it is sensible)?|
|Yes, if I REALLY need to do something (53%) |
|Yes, sure! No enforcement - no compliance. (17%) |
|No (17%) |
|No, not if I created the policy (7%) |
|Other - leave comments (3%) |
|28 total votes|
What it means - to me - is that security people are people too :-) This pretty much rhymes with what I said in my first WSJ post here: if users feel that they need (and CAN!) bypass security to do their work, they will ...
UPDATE: the entire WSJ "blood trail" is tagged here. Especially fun bits are here, here and here.