The application of mistake-proofing to organisational security management

One of the factors most important to achieving global competitiveness is good-quality security management. Two significant concerns in undertaking security management are spiralling preventive costs and the occurrence of security incident. Although there have been many studies on technical security management, few have been investigated from an organisational security management perspective. Furthermore, quality management and security management have a similar ultimate goal - namely, to prevent defects. Mistake-proofing is a preventive action taken to identify and eliminate the root causes of defects. The ultimate goal of the current study is the application of the mistake-proofing tools in security management. A taxonomy of security management approaches is defined from the organisational security management perspective, and by applying the Delphi method, a relationship matrix between the taxonomy of security management and the 10 types of human error is investigated. The relationship matrix can be used as a mistake-proofing tool in creating preventive strategies that relate to organisational security management. The feasibility and usability of the relationship matrix are demonstrated by taking up three case studies of security failure.