An important aspect of good system design is that users should understand how the system works for their benefit. The attribute ‘informed’ is defined in the Big Blue Book of SABSA (Enterprise Security Architecture: A Business Driven Approach, Sherwood, Clark and Lynas) as follows:

“The user should be kept fully informed about services, operating procedures, operational schedules, planned outages, and so on.”

The Attributer and The Attributer’s Wife recently had a nice holiday. One of the visitor attractions that they experienced was to bathe in the hot waters of a famous thermal spring where, in a modern visitor centre, one can enjoy floating in the open-air pool of hot mineral water from deep in the earth, water that fell as rain 10,000 years ago. It is indeed a great thing to do on holiday. Why is this relevant? Because the facility has a ‘system’ for payment, entry and managing time slots.

At the entrance a nice young man explained that there is an entry fee for two hours of time. There is also a café that the couple planned to use for lunch. He told them that any time used in the café would be added to the two hours so that they could stay as long as needed in the café without wasting the time slot. He gave them each a ‘smart wrist band’ so they could charge any food and drink to the smart chip. He told them they should swipe the chip on entering the café and on exit (well, that’s what they both heard). They were verbally given an exit time, to which any time in the café would be added.

Now, ask yourselves, readers, given this information, would you too make the following assumptions?

  • Assumption 1: The smart chip records time of entry into the main facility and in and out of the café.
  • Assumption 2: The smart chip also records the amount spent in the café that can be paid on exit from the main facility. 

So they got their towels, dressing gowns and slippers, changed out of street clothes, and went to find the café. There they encountered a young lady whose English language skills were limited. She was also very dismissive and quite rude. She refused to scan the smart wristbands and said that she would scan them when she ‘gave them their order’ (she meant ‘bill’, they later learned). They waited a long time to be served and became quite agitated by this passing of time, because it seemed to them that their time was being wasted, their wrist bands not having been scanned. Some strong words were exchanged which did not lessen their confusion (yes, they had been misinformed) and they were not experiencing the calm relaxation promised.

Finally, another server, a man who spoke real English, attended them. He explained that the ‘smart chips’ had no knowledge of time (assumption 1) and only recorded the amount spent on food and drink (assumption 2). The server would tell them when they left how long they had been there and they could then add that on to their exit time. The time management is an entirely manual process and depends wholly on the trusted behaviour of the customer to be honest about when to leave (!!!). So, they had it half right. The Attributer had assumed (incorrectly) that this ‘smart’ system was fully automated and had a security level that would prevent fraudulent use of time. Sometimes it pays to be dumb and not analyse everything, but if one is a systems engineer one tends to do it all the time.

Systems are built from processes supported by technology, but the most important system components are the people – designers, operators and users. If the information given by some of the people to other people is wrong, then no technology can fix that. It’s just a broken process. That is why in SABSA we take a ‘total systems requirements approach’ to systems engineering, and keep everyone correctly informed.


The Attributer