Assume that it's time for Bob's performance review. Bob's boss says he's a great addition to the team. Easy to work with! And the sales numbers? Hot mama, Bob's smokin'! Mr. Bob surely has worked himself toward a big, fat raise!

Or not. Bob would have gotten a raise, that is, but he got fooled by a phishing email and unwittingly invited the bad guys in through the front door, torpedoing Widget Industries Ltd's multimillion-dollar investment in security systems.

Fiction! But can you imagine if this were really the way employees were assessed? They answer a phishing scam email, they trigger a major security breach, and then they're held accountable?

via [1]Should employees be punished for sloppy cyber security? [POLL] | Naked Security.

A thought experiment, sure, but one that leads in some interesting directions.
__________________________________________________________________

My original entry is here: [2]Should employees be punished for sloppy cyber security? [POLL] | Naked Security. It posted Thu, 19 Sep 2013 16:40:42 +0000.

Filed under: InfoSec, Management

References

1. http://nakedsecurity.sophos.com/2013/09/12/should-employees-be-punished-for-sloppy-cyber-security-poll/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
2. https://www.prjorgensen.com/2013/09/19/should-employees-be-punished-for-sloppy-cyber-security-poll-naked-security/