@zackwhittaker
Human error describes the proximate cause of an incident, not the root cause.
Human error is a symptom, not the cause, of failure.
Human error is a social judgment, not an objective conclusion.
Human error is the start of the investigation, not the conclusion.
Human error can reveal systemic design flaws in the system that fail to account for human use.
Human error as a conclusion will lead to myopic and insufficient remedies like “user education”.
Human error is a label that shifts responsibility from system designers to system users who will inevitably fail.
Systems that fail because of an innocent mistake by a human are designed that way. They are brittle by design.
If you are curious as to why we should be intolerant of the label “human error” when talking about security incidents, please see Behind Human Error by David Woods and friends.