@GossiTheDog @hacks4pancakes One of the most interesting talks I’ve seen in recent years was about how an org had applied their overall culture of zero blame in safety incidents to security as well.
Just as the driver for safety is to use incidents as a learning exercise, taking the same approach with security incidents led to an environment where people felt safe to report mistakes, knowing that they wouldn’t be reprimanded or suffer any consequences.
Result?
Everyone feels comfortable reporting issues, even proactively, which has put the response teams on the front foot and measurably improved their overall security posture.
They also scrapped the fake phishing campaigns, which were felt to be creating a feeling of “they’re always trying to trick us or catch us out.”