So Users Never Ignore Protocols?
>>>> "Secretary Bowen’s top-to-bottom review was designed to ignore security procedures and protocols that are used during every election," according to a statement from Diebold.
If Diebold seriously thinks that written procedures, protocols, and policies will always be followed in detail, and bases their systems' security on this belief, they are hallucinating and I'd like some of what they're smoking.
We've just read about a Verisign employee ignoring protocols and policies and losing a laptop full of goodness as a result. Not that the occurrence was anything special, just the latest example of human failing.
If you want security, do NOT depend on human beings carefully following that 1235 page policy & procedures manual you wrote. If you do, you, or your customers, will be in for a rude awakening.
Secretary Bowen's review was absolutely correct in disregarding "security prodecures & protocols." The issue isn't what can happen if everyone does what they are supposed to; it's what can happen when someone does something they aren't supposed to.