In the Challenger accident report, the “information environment” was found to be a significant contributing factor to creating the conditions for the costly (money & lives) consequences.

Can the information environment also be leading to more #CyberSecurity #breaches?

🧵
Dekker writes “reconstructing or studying the information environment in which actual decisions are shaped, in which local rationality is constructed, can help us penetrate processes of organisational sensemaking”
Something particularly highlighted was the use of “bullets” to summarise things. “One after the other of these little goddamn bullets in briefing books and slides,” says Feynman.
“Bullets filled up the information environment of NASA engineers and managers at the COST of other data and representations”. A particular page used the word ‘significantly’ 5 times with meanings ranging from “ability to see calibrated tests” up to “everyone onboard would die”
“The slide weakened important material, & the life threatening nature of the data on it was lost behind bullets and abbreviated statements.” We all agree that security needs to talk in business terms, but when we aggregate information for management, do we not run this risk too?
By expressing security concerns in the “normal business terms” we achieve the benefit of normalisation against other business pressures, supporting informed decision making by execs, but we also increase the likelihood of bringing to life the potential viability-affecting nature of the problems we wish to illustrate. I think this has significant implications for how we organise reporting and how we set up BOTH our executive security information environments and the operational ones.
The abstractions we use, the way we represent the data, ideally creating some dissonance between achievement of team or org objectives and which make it harder to “rationalise complex and risky decisions”
I don’t know what the best approaches are, but I’m convinced that it needs to be a consideration in the way we design security reporting at all levels so our message doesn’t get lost in a sea of abstractions and summarisations.
You can follow @madplatt.