Comments on: Human Error http://newschoolsecurity.com/2010/02/human-error/ The Blog Inspired By The Book Tue, 07 Feb 2012 02:09:16 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Donald Johnston http://newschoolsecurity.com/2010/02/human-error/#comment-1115 Donald Johnston Tue, 09 Mar 2010 00:13:09 +0000 http://newschoolsecurity.com/?p=1367#comment-1115 One of the main items in the "Problem Management" part of "Systems Management" is to track the call logs to identify any consistency in issues that might point to a need for training. The point is to reduce call volumes by having properly trained personnel. Sounds like a fairly simple concept that could be applied to problems (accidents) in any other industry. Maybe even in Information Security??? Too often I see simple security problems going on-and-on and nothing being done about it. For example, bad habits around the choice and use of passwords ... but most users still don't know why they need to bother! And the point about "the cost associated with doing so was considered to be prohibitive" ... seems like, subconsciously, they did a risk assessment and decided to "accept the risk" (of losing sensitive data) rather then to "mitigate it". One of the main items in the “Problem Management” part of “Systems Management” is to track the call logs to identify any consistency in issues that might point to a need for training. The point is to reduce call volumes by having properly trained personnel.

Sounds like a fairly simple concept that could be applied to problems (accidents) in any other industry. Maybe even in Information Security??? Too often I see simple security problems going on-and-on and nothing being done about it. For example, bad habits around the choice and use of passwords … but most users still don’t know why they need to bother!

And the point about “the cost associated with doing so was considered to be prohibitive” … seems like, subconsciously, they did a risk assessment and decided to “accept the risk” (of losing sensitive data) rather then to “mitigate it”.

]]> By: Human Error and Incremental Risk « The New School of Information Security http://newschoolsecurity.com/2010/02/human-error/#comment-1048 Human Error and Incremental Risk « The New School of Information Security Wed, 24 Feb 2010 19:33:09 +0000 http://newschoolsecurity.com/?p=1367#comment-1048 [...] About the book « Human Error [...] [...] About the book « Human Error [...]

]]>