You CAN Stop Stupid. Ira Winkler
tion id="u5cd8a132-f9de-5c27-bd1e-d58d1675b9bf">
Table of Contents
1 Cover
3 Introduction What Is Stupid? Do You Create Stupidity? How Smart Organizations Become Smart Not All Industries Are as Smart Deserve More Reader Support for This Book
4 I: Stopping Stupid Is Your Job 1 Failure: The Most Common Option History Is Not on the Users’ Side Today's Common Approach We Propose a Strategy, Not Tactics 2 Users Are Part of the System Understanding Users' Role in the System Users Aren't Perfect “Users” Refers to Anyone in Any Function Malice Is an Option What You Should Expect from Users 3 What Is User-Initiated Loss? Processes Culture Physical Losses Crime User Error Inadequate Training Technology Implementation UIL Is Pervasive
5
II: Foundational Concepts
4 Risk Management
Death by 1,000 Cuts
The Risk Equation
Risk Optimization
Risk and User-Initiated Loss
5 The Problems with Awareness Efforts
Awareness Programs Can Be Extremely Valuable
Check-the-Box Mentality
Training vs. Awareness
The Compliance Budget
Shoulds vs. Musts
When It's Okay to Blame the User
Awareness Programs Do Not Always Translate into Practice
Structural Failings of Awareness Programs
Further Considerations
6 Protection, Detection, and Reaction
Conceptual Overview
Protection
Detection
Reaction
Putting It All Together
7 Lessons from Safety Science
The Limitations of Old-School Safety Science
Most UIL Prevention Programs Are Old-School
The New School of Safety Science
Putting Safety Science to Use
Safety Culture
The Need to Not Remove All Errors
When to Blame Users
We Need to Learn from Safety Science
8 Applied Behavioral Science
The ABCs of Behavioral Science
Engineering Behavior vs. Influencing Behavior
9 Security Culture and Behavior
ABCs of Culture
Types of Cultures
Subcultures
What Is Your Culture?
Improving Culture
Behavioral Change Strategies
Is Culture Your Ally?
10 User Metrics
The Importance of Metrics
The Hidden Cost of Awareness
Types of Awareness Metrics
Day 0 Metrics
Deserve