Recently, a Washington DC prosecutor declined to prosecute a former Washington METRO employee accused of theft. He was found to have taken home nine laptop computers, a power generator, a DVD player, a BlackBerry wireless device, a color printer, a digital camera, lots of tools and a computer monitor. The prosecutor wrote that the absence of enforcement of policy “served to create an atmosphere where such behavior, although not explicitly condoned or excused, was part of an implicitly tolerated practice.”
Source: The Washington Times
There is a lesson there for us in IT Security. It is a bad idea to have policy that doesn’t match practice. Additionally better asset management should be in place to prevent such activity.