Initially posted on June 13, 2014 @ 9:04 PM
Gloves and Glasses Compliance
By Dr Robert Lengthy
I’m wondering what number of security folks will hit on this weblog simply due to the title? I did surprise for a while what extra petty a title I might current however determined this may do. What a tragic state when the bottom defence within the Hierarchy of Controls attracts the best attraction. I’m wondering why this has turn out to be the pattern? Is it as a result of the mantra of the trade is danger aversion? Is it as a result of PPE is really easy to police? Is it as a result of the air area is filled with zero? Is it as a result of the SWMS money cow has deluded everybody into considering that high quality is decided by quantity? Possibly it’s all of this stuff.
Then there would be the PPE police who will solely learn that I believe it’s good to injure eyes and fingers and this isn’t the purpose. The nice previous binary mindset has to see black and white to the exclusion of 1 choice in favour of one other. Studying to learn past binary considering permits a reader to think about ‘both-and’ not ‘either-or’ considering. Studying find out how to learn and write will not be about literacy however about semiology. Many individuals suppose that studying is simply studying, phrases are simply semantics however studying critically and studying as a considering course of doesn’t come naturally. One of many greatest challenges for folks doing the Submit Graduate Program within the Psychology of Threat is studying find out how to learn and articulate concepts. It’s a disgrace that studying find out how to learn and articulate concepts will not be a part of customary security coaching.
For these , I’ve developed a variety of instruments (dozens in actual fact) that assist develop main in danger. One such instruments is the iThink™ Important Considering Clock (Determine 1. beneath) as a software to assist learn to learn, suppose and write. That is considered one of many instruments I exploit with shoppers within the danger maturity journey.
Determine 1. iThink™ Important Considering Clock
It’s as a result of studying and data is cumulative, linear and ‘scaffolded’ (Vygotsky) that functionality in studying, considering and articulation of concepts is one thing one learns developmentally over time. Because of this the Threat and Security Maturity Matrix launched beforehand, must be considered as a complete relatively than as a segmented metaphor. An understanding of studying intelligences and schooling/revelation is vital on this regard. The overall concept of the iThink clock is to ‘sweep’ by a variety of rational and non-rational processes in tackling a difficulty, downside or concept.
The truth is, all danger evaluation is a choice making that features the fixed shuffling of priorities and choices. This can be a vital side of managing the evolution of hazards. Threat determination making is greatest when it’s fluid and adaptable relatively than fastened. While it’s good to have guiding instruments, additionally it is good to have the ability to suppose exterior of the design of the software. Sadly, if the thoughts of the workforce is made to obsess about low danger and checklists (again to the subject of this weblog), how a lot is that this a distraction from a give attention to the excessive danger and fluid nature of the office.
One of many best duties on a security stroll or danger evaluation is to ‘hit’ the apparent and visual issues. Checklists do job of focusing the considering of members if they aren’t doing a ‘tick and flick’. Sadly, it’s hardly ever what we are able to see that harms folks. It’s principally the invisible issues, the issues folks don’t see coming and the cultural issues that hurt us. Are we so preoccupied with the physicality of hazards that we have now turn out to be desensitized to observing and listening for top danger invisible hazards? Are we so consumed with the best way a guidelines shapes considering that we’re shedding the craft of unbiased important considering? Are we so consumed with tagging that we don’t hear how poisonous cynicism, skepticism and double communicate are to security tradition? The place are folks skilled within the expertise required to ask open questions, observe (not spy) and pay attention for cultural indicators? Do security folks even know what cues to pay attention and search for? In my security coaching I name this having an ‘iCue’ ™ not an IQ. Studying find out how to observe and pay attention for cultural indicators (iCues) will not be easy, tradition isn’t just techniques, PPE and habits. Once more, studying find out how to recognise iCues doesn’t come naturally and in some respects requires some ‘unlearning’ of a lot of security myths and strategies which might be deceptive and hinder efficient danger evaluation.
One of many attention-grabbing sights for the various tier 1 security individuals who attend the Submit Grad Program is studying to know and suppose extra critically about danger. With out exception all of them say after Unit 3 that little of what they’ve been launched to within the Program is taken into account by their corporations. Most remark that the best way danger is addressed is slender, formulistic and closed. Certainly, most remark that it’s a straight jacket to suit into relatively than a software to help free and demanding occupied with danger. It was considered one of these individuals who informed me his firm did a 2 hour induction for utilizing a vacuum cleaner.
So, ought to we put on gloves and glasses? After all, if they assist handle danger. Is PPE what danger is all about? You resolve.