At certain situations, enforcement of policy relies on administrative control when technical controls are not feasible.

But how do we ensure no offender? No, we can’t. The only thing we can do is to establish consequence-based deterrent enforced by laws & regulations. The most severe deterrent is death sentence.

A traffic sign prohibits vehicle longer than 10m or over 10 tones on left turn as illustrated. There is no stopping you to do so but if your truck exceeds this limit and still turning left, your truck might be trapped in the road curve blocking other road users, crashing vehicle in the opposite lane, or damaging any other third party properties. Then you are fully accountable for civil offence if negligence or criminal offence if deliberately doing so.

Similarly, management always talks about how to stop insider threats in dealing with cybersecurity. The same philosophy applies – discrepancy action for employees or contractual obligation for business partners with litigation as the last resort. The essential point is to demonstrate there is documented process to address insider threats rather than aiming at zero incident.

Leave a Reply