Of course, failure does happen in cybersecurity or IT. It’s just that this whole blame culture of fright, silence, and repeating mistakes gives rise to something else. Instead, what if we started using incidents as learning opportunities for further improvement?
Beyond Blame by J. Paul Reed scrutinizes the old blame mentality and advocates for a blameless culture, where investigation is focused upon understanding underlining causes of occurrence rather than finger pointing. This is conducive not just to innovation but heightens security as well.
How do we move past the blame?
Open discussions about failures with no fear of repercussion
Systemic rather than individual assessment of failure
Focus on learning and solutions, not guilt and consequences
Take action for improvements through constructive post-mortems
Have you experienced a situation in which a Beyond Blame approach made a difference? Let’s discuss in the comments section below!