"If a rule is broken and there is no consequence, then the rule is in effect meaningless."
Are there examples where this statement could be true? Why or why not? Do you recognize any circumstances where employees should not comply with an IT Security Policy or Standard published by their employer? If yes, why?