Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cybersecurity.theater/users/tweedge/statuses/110886074222473829">Chris Partridge (tweedge@cybersecurity.theater)'s status on Monday, 14-Aug-2023 21:51:51 JST</a><a href="https://cybersecurity.theater/@tweedge" title="tweedge@cybersecurity.theater"><img src="https://gnusocial.jp/avatar/58513-48-20221207235734.webp" width="48" height="48" alt="Chris Partridge" style="position: absolute; left: 0; top: 0;">Chris Partridge</a></section><article><p>I tell ya hwat, I don't think most of the <a href="https://cybersecurity.theater/tags/InfoSec" rel="tag">#InfoSec</a> field is ready for a Safety-II mindset. Just look at how differently the human factor is considered in Safety-I and Safety-II ... that certainly rings a bell with all the user-blaming I've seen :/</p><p>Maybe someday.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/1946646#notice-3821455">In conversation</a><time datetime="2023-08-14T21:51:51+09:00" title="Monday, 14-Aug-2023 21:51:51 JST">about a year ago</time> <span>from <span><a href="https://cybersecurity.theater/@tweedge/110886074222473829" rel="external" title="Sent from cybersecurity.theater via ActivityPub">cybersecurity.theater</a></span></span><a href="https://cybersecurity.theater/@tweedge/110886074222473829">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1405588">Safety-I and Safety-II are two  views of what makes a system safe, where Safety-II is a more modern and proactive view of safety that has driven record safety in the airline industry. For comparison, Safety-I defines safety as "as few things as possible go wrong" while Safety-II defines safety as "as many things as possible go right." Safety-I also categorizes the human factor as a hazard or liability, while Safety-II categorizes the human factor as necessary for system resilience. More information is available in this PDF on page 21: https://skybrary.aero/sites/default/files/bookshelf/2437.pdf</a></label><br><a href="https://files.cybersecurity.theater/media_attachments/files/110/886/029/531/315/172/original/b2e308009bb207ad.png" rel="external">https://files.cybersecurity.theater/media_attachments/files/110/886/029/531/315/172/original/b2e308009bb207ad.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Chris Partridge (tweedge@cybersecurity.theater)'s status on Monday, 14-Aug-2023 21:51:51 JST Chris Partridge
I tell ya hwat, I don't think most of the #InfoSec field is ready for a Safety-II mindset. Just look at how differently the human factor is considered in Safety-I and Safety-II ... that certainly rings a bell with all the user-blaming I've seen :/
Maybe someday.
In conversationabout a year ago from cybersecurity.theaterpermalink
Attachments
1. Safety-I and Safety-II are two views of what makes a system safe, where Safety-II is a more modern and proactive view of safety that has driven record safety in the airline industry. For comparison, Safety-I defines safety as "as few things as possible go wrong" while Safety-II defines safety as "as many things as possible go right." Safety-I also categorizes the human factor as a hazard or liability, while Safety-II categorizes the human factor as necessary for system resilience. More information is available in this PDF on page 21: https://skybrary.aero/sites/default/files/bookshelf/2437.pdf
  https://files.cybersecurity.theater/media_attachments/files/110/886/029/531/315/172/original/b2e308009bb207ad.png

Public

Embed Notice

HTML Code

Corresponding Notice