Why post-breach corporate PR-speak should be carefully parsed with great scepticism
An incident isn’t necessarily a breach, a breach isn’t necessarily an avoidance breach, and it’s not always a notifiable one either. The post is less confusing than this excerpt, I promise.
Risky behaviour: what not to punish in a Just Culture
How a ‘Just Culture’ is essential for effective risk management
What does ‘human error’ really mean, and is it a good enough excuse for an organisation to use when something goes wrong?