Dustin Collins
● software engineer
● devops enthusiast
● meetup organizer
● developer advocate at Conjur
95 percent of all security incidents involve human error
IBM Security Services 2014 Cyber Security Intelligence Index report
human error
‘Human error’ blamed for Rogers online security breach
Healthcare breaches need a cure for human errors
Human error causes most data breaches, Ponemon study finds
Human Error Blamed for Most UK Data Breaches
Human error is the root cause of most data breaches
Human error causes alarming rise in data breaches
Human Error: The Largest Information Security Risk To Your Organization
Huge rise in data breaches and it’s all your fault
Data breaches caused mostly by negligence and glitches
“human error”
we can do better
http://amzn.com/B00Q8XCSFI
two views of “human error”

Old View
● Asks who is responsible for the outcome
● Sees human error as the cause of trouble
● Human error is random, unreliable behaviour
● Human error is an acceptable conclusion of an investigation

New View
● Asks what is responsible for the outcome
● Sees human error as a symptom of deeper trouble
● Human error is systematically connected to features of people’s tools, tasks and operating environment
● Human error is only the starting point for further investigation
“Rather than being the main instigators of an accident, operators tend to be the inheritors of system defects created by poor design, incorrect installation, faulty maintenance and bad management decisions. Their part is usually that of adding the final garnish to a lethal brew whose ingredients have already been long in the cooking.”
http://amzn.com/0521314194
When we’re dealing with complex systems, the magnitude of a cause is often not proportionate to the magnitude of its effect
warning signs
● security policy is not visible
● security is at odds with how work gets done
● developers use a different workflow than production
● documentation featuring warnings
● talking processes, not people
● audits are time-consuming
references
Sidney Dekker
● “Just Culture” Lecture (video)
● A Field Guide to Understanding ‘Human Error’
● Just Culture: Balancing Safety and Accountability

● Human Error - James Reason
● The Design of Everyday Things - Don Norman
● Universal Principles of Design - William Lidwell