Avoiding the cybersecurity blame game

2024-05-29 04:30

To me, if someone follows procedures exactly but the procedure itself has been poorly designed, apportioning any blame to the individual is both unfair and counterproductive.

It's all very well saying, "Don't blame the individual, blame the company".

If we blame the designers of controls, processes and procedures well, we are just shifting blame, which is still counterproductive.

You're familiar with using Dropbox, and the internally-provided tool is inadequate - so what do you do? By not understanding what your job is and assuming they know what kind of tools you need, "Security" makes it difficult for you to do your job.

Managers should implement a circular, collaborative approach to creating a frictionless, safer environment, working positively and without blame.

Perhaps security teams need to reacquaint themselves with it, or remind themselves of its benefits, so we can get away from the blame game and do a better job of preventing incidents involving humans.

News URL

https://www.helpnetsecurity.com/2024/05/29/processes-controls-company-policies/

#cybersecurity