I'm reacting to HN discussions of the desirability of criminalizing being a CSO at a company which had a security breach. Ignoring how counterproductive that would be and focus just on will it achieve the societal goal: illegalizing X is not a sufficient process control!
-
-
Show this thread
-
"Someone robbed the bank and now depositors have lost their money!" "THEY SHOULD MAKE A LAW!" We *had the law*! The money is still gone! There need to be a few dozen things that a bank does as a matter of course because it is in a universe where crime exists!
Show this thread
End of conversation
New conversation -
-
-
"Blame is the enemy of safety."
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Personally, I see two main options for improving things at the policy level: 1) criminalize mistakes at the employee level, 2) increase civil liability at the corporate level.
-
Behaviorally speaking, that’s likely to have the opposite effect you think it will (and not very predictably opposite at that).
- 1 more reply
New conversation -
-
-
True, but it is an interesting indicator that the Panera contact used to hold a senior position at Equifax.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.