Standards versus culture

In my corporate technology risk working history, i have come across various situations where the emphasis is on the policies & standards and less on the implementation. There is a big disconnect. Various discussions can go on for weeks about what kind of data classification (rating high, medium or low for confidentiality, integrity and availability) is most appropriate for a certain asset (application) yet no discussions take place about what kind of security measures or attached to the classification or who is going to implement and maintain it. Or lengthy discussions about the interpretation of some kind of government security standard, regardless of what it does in terms of risk management.

However, I have always been surprised about the ethical standards in photojournalism. There seems to be some kind of standard but much more a widely accepted agreement of ‘thou shall not photo-shop images’. Whenever in a newsbulletin some kind of altered image is detected, the condemnation is always unanimous. The culture exceeds the standards

Same as here, where FoxNews posted a real badly sloppy edited image. See the sharp line on the right of the picture.

No idea who owns the standards (Associated Press?) and it doesn’t matter since everyone agrees with the same held belief that one should not alter images used in news reporting.

Examples of digital altered images are here and here.

Another twist in standards:

Source: XKCD