Sunday, June 04, 2006

Your purchase free without receipt

Bruce Schneier writes about aligning those who are interested in security with those who have the capability to do something about it:

So here's what the employer does: he hires the customer. By putting up a sign saying "Your purchase free if you don't get a receipt," the employer is getting the customer to guard the employee. The customer makes sure the employee gives him a receipt, and employee theft is reduced accordingly.

There is a general rule in security to align interest with capability. The customer has the capability of watching the employee; the sign gives him the interest.

No comments: