Read the book Security Awareness For Dummies - Ira Winkler - Page 43
Recognizing incidents as system failures
A critical philosophy adopted in safety science says that if an employee injures themselves, it’s a failure of the entire system. The idea is that a user should never be in a position where they can injure themselves, and even if they are injured, the extent of the injury should be minimized.
Safety science identifies these three phases to an injury:
The environment that puts a user in a position where they can injure themselves
The action that creates the injury
The response to the injury
Safety experts first focus on creating a workplace that is less likely to cause an injury. For example, I spoke to the safety manager at a manufacturing company where I was creating an awareness program, who told me that the company had problems with forklifts hitting employees inside a warehouse. After studying a variety of alternatives, company leaders decided on the simple act of painting yellow lines down the aisles of the warehouse. Employees were to walk on one side, and forklifts were to stay on the other side. This strategy stopped approximately 90 percent of accidents involving forklifts.
Because you can never completely remove the possibility of injury, you must consider that users will be in a position to injure themselves. Safety science then studies the role of awareness, as well as what IT professionals call the user experience. If a user is operating a piece of equipment that is too big for them, for example, they can injure themselves. Likewise, if the user doesn’t know how to properly use the equipment, they can injure themselves. Even if the user does know what to do, they might not do it as intended.
As I discuss in Chapter 1, you have to work with other teams to create a resilient environment, and when you know your environment, you can train people how best to use it.
Just because a user is aware of what to do doesn’t mean that they will do it. They may not have mastered the information. They might know what to do and not have motivation to do it. They might want to implement the awareness information, but they might be in a rush and take shortcuts. For many reasons, even an aware user might not follow awareness guidance.