Honestly, isn’t 90% of compliance like that? Checking boxes...

The thing is, people are very good at checking boxes, and not very good at remembering important things.

So while it may seem inane, plain old checking boxes is almost certainly part of a good strategy for dealing with tedious, repetitive tasks where one error can cause serious issues - and this kind of security is probably one of those.

Obviously, it's not enough, nor an excuse to turn off your brain - but it's a pretty proven behavioral pattern.

Sure, I mean it’s a lot of CYA regulation-wise. Because if you choose a solution which is arguably better but not part of the list, and the one on the list, which is a worse solution, isn’t checked, well, you’d better have your resume ready when something happens.

Flying is a great example of 'checking boxes' saving lives.

Having worked a lot with security compliance, I'll say there are two types of things you do:

1. The things for compliance.

2. The things for security.

Only rarely does something fit in both categories.

