Читать книгу You CAN Stop Stupid - Ira Winkler - Страница 36

There are a wide variety of decisions made in the implementation of technology. These design decisions drive the interactions and capabilities provided to the end users. Although it is easy to blame end users when they commit an act that inevitably leads to damage, if the design of the system leads them to commit the harmful action, it is hard to attribute the blame solely to the end user. Such is the case in attempting to blame the Lion Air and Ethiopian Airlines pilots of the doomed Boeing 737 MAX airplanes.

In the implementation of technology, there are many common design issues that essentially automate loss. Programming errors can cause the crash of major computer systems. If this happens to a financial institution, transactions can be blocked for hours. If it happens to an airline's schedule systems, planes can be grounded until the problem is resolved.

People maintaining systems fail to properly maintain and update them for a variety of reasons. Trucks that are not properly maintained will break down. Computers that are not properly maintained may crash or be more easily hacked. Such was the case with the Equifax hack. As we described earlier, one administrator failed to update one system, which allowed the criminals into their infrastructure. Other failings, including a simple maintenance function of renewing a digital certificate, which is essentially paying a fee, caused the data breach to go undetected. No end user initiated a loss in this case, but other people initiated the loss through their actions, and as we explained in Chapter 2, anyone who interacts with the system should be considered to be a user who can initiate loss.

Another category of loss that many professionals fail to consider is the disposal of equipment. Just about all technology seems to have local storage. Before an organization discards computers, they generally know to remove the storage drives. Many people know that they should delete everything on their cellphones. However, many organizations and individuals fail to consider that the same diligence should apply to printers, copy machines, and other devices that had access to the organization's network or data.

If a loss results from the decisions, actions, or inactions of a person, it is a loss that you have to consider in your risk reduction plans, and that includes loss that relates to design and maintenance.