
One important cause of Normalization of Deviance is when an organization stays misaligned at the top about what the norms actually are. The effect of this is that:

1. Some folks at the top will shout about the norms being violated and nobody will listen to them.

2. Folks underneath them will struggle to get buy-in on initiatives to follow best practices.

3. Folks underneath them at an individual contributor level will struggle to tell the difference between following established best practices (or good practices in a complex adaptive system) and getting distracted.

For an illustrative narrative of this, consider the character John from The Phoenix Project.

Patrick Lencioni writes about this in books like The Five Dysfunctions of a Team and The Advantage. For a quick read on part of this, see: https://hbr.org/2002/07/make-your-values-mean-something



  1. We have SSO, therefore everyone should be able to memorize their password.
  2. Oops, we actually have 20+ passwords for everybody, and require several of them to be changed every month or two.
  3. Many passwords aren't used every day.
  4. Writing passwords down is forbidden.
  5. The usual stupid restrictions are in place on what kind of password can be used.
  6. Resetting passwords is a cumbersome process that requires human intervention via a ticketing system and not just clicking on "forgot password".
  7. A subset of passwords are set up by the help desk, do not expire, and do not have an obvious way to change them, so it seems certain 99% of users don't.

But this all is typical of a large organization that's making an effort, and something such as, say, a small nonprofit with no in-house IT, is much worse in my experience.



