Security awareness and training programs are primarily concerned with incidents resulting from deliberate or intentional threats such as hackers and malware. This module explores mistakes, errors, accidents and other situations that inadvertently cause problems with the integrity of information, such as:
- Using inaccurate data, often without realizing it;
- Having to make decisions based on incomplete and/or out-of-date information;
- Mistakes when designing, developing, using and administering IT systems, including those that create or expose vulnerabilities to further incidents (such as hacks and malware);
- Misunderstandings, untrustworthiness, unreliability etc. harming the organization’s reputation and its business relationships.
Mistakes are even more numerous than hacks and malware but thankfully most are trivial or inconsequential, and many are spotted and corrected before any damage is done. However, serious incidents involving inaccurate or incomplete information do occur occasionally, reminding us (after the fact!) to be more careful about what we are doing.
The awareness material takes a more proactive angle, encouraging workers to take more care with information, especially when handling (providing, communicating, processing or using) particularly important business- or safety-critical information – when the information risks are greater.
- Introduce the topic, describing the context and relevance of mistakes to information risk and security;
- Expand on the associated information risks and security controls;
- Offer information and practical advice motivating people to think – and most of all act – so as to reduce the number and severity of mistakes involving information;
- Foster an error-intolerant corporate culture through greater awareness, accountability and focus on information quality and integrity.
Consider your learning objectives in relation to mistakes, errors etc. Does your organisation have persistent problems in this area? Is this an issue that deserves greater attention from staff and management, perhaps in one or more departments, sites/business units or teams? Have mistakes ever led to significant incidents?
Mistakes, errors and accidents awareness
Awareness and training materials to reduce the number and severity of accidental, unintentional incidents involving information.