Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Published incidents and their proportions of human error

Published incidents and their proportions of human error This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error.Design/methodology/approachThis paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field.FindingsThis analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.Originality/valueThis research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information & Computer Security Emerald Publishing

Published incidents and their proportions of human error

Download PDF
15 pages

Loading next page...
 
/lp/emerald-publishing/published-incidents-and-their-proportions-of-human-error-kOnlLPyIdd
Publisher
Emerald Publishing
Copyright
© Emerald Publishing Limited
ISSN
2056-4961
DOI
10.1108/ics-12-2018-0147
Publisher site
See Article on Publisher Site

Abstract

This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error.Design/methodology/approachThis paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field.FindingsThis analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.Originality/valueThis research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

Journal

Information & Computer SecurityEmerald Publishing

Published: Jun 19, 2019

Keywords: Information security; Human error; Incidents; Breaches; HEART; GISAT

References

  • An information security risk-driven investment model for analysing human factors
    Alavi, R.; Islam, S.; Mouratidis, H.
  • Human‐related problems of information security in East African cross‐cultural environments
    Asai, T.; Hakizabera, A.U.
  • Probability and security – pitfalls and chances
    Braband, J.; Schäbe, H.
  • Human factors engineering in healthcare systems: the problem of human error and accident management
    Cacciabue, P.C.; Vella, G.
  • Human reliability analysis methods selection guidance for NASA
    Chandler, T.; Chang, J.; Mosleb, A.J.M.; Boring, R.; Gertman, D.
  • Information security: listening to the perspective of organisational insiders
    Choi, S.; Martins, J.T.; Bernik, I.
  • Human behaviour as an aspect of cybersecurity assurance
    Evans, M.; Maglaras, L.A.; He, Y.; Janicke, H.
  • HEART-IS: a novel technique for evaluating human error-related information security incidents
    Evans, M.; Maglaras, L.; He, Y.; Janicke, H.
  • Core human error causes (IS-CHEC) technique in public sector and comparison with the private sector
    Evans, M.; He, Y.; Maglaras, L.; Yevseyeva, I.; Janicke, H.
  • Analysis of published public sector information security incidents and breaches to establish the proportions of human error
    Evans, M.; He, Y.; Yevseyeva, I.; Janicke, H.
  • Human aspects of information assurance: a questionnaire-based quantitative approach to assessment
    Frangopoulos, E.D.; Eloff, M.M.; Venter, L.M.
  • Enhancing security behaviour by supporting the user
    Furnell, S.; Khern-am-nuai, W.; Esmael, R.; Yang, W.; Li, N.
  • Exploring the role of work identity and work locus of control in information security awareness
    Hadlington, L.; Popovac, M.; Janicke, H.; Yevseyeva, I.; Jones, K.
  • Cultural and psychological factors in cyber-security
    Halevi, T.; Memon, N.; Lewis, J.; Kumaraguru, P.; Arora, S.; Dagar, N.; Aloul, F.; Chen, J.
  • Improving the redistribution of the security lessons in healthcare: an evaluation of the generic security template
    He, Y.; Johnson, C.
  • Are root cause analyses recommendations effective and sustainable? An observational study
    Hibbert, P.D.; Thomas, M.J.W.; Deakin, A.; Runciman, W.B.; Braithwaite, J.; Lomax, S.; Prescott, J.; Gorrie, G.; Szczygielski, A.; Surwald, T.; Fraser, C.
  • Why not comply with information security? An empirical approach for the causes of non-compliance
    Hwang, I.; Kim, D.; Kim, T.; Kim, S.
  • Data security incident trends
  • Human aspects of information security
    Komatsu, A.; Takagi, D.; Takemura, T.
  • Understanding human performance in sociotechnical systems – steps towards a generic framework
    Kyriakidis, M.; Kant, V.; Amir, S.; Dang, V.N.
  • Understanding and transforming organizational security culture
    Lacey, D.
  • Human reliability analysis in healthcare: a review of techniques
    Lyons, M.; Adams, S.; Woloshynowych, M.; Vincent, C.
  • Cyber-analytics: modeling factors associated with healthcare data breaches
    McLeod, A.; Dolezel, D.
  • A systematic literature review: information security culture
    Mahfuth, A.; Yussof, S.; Baker, A.A.; Ali, N.
  • Reliable behavioural factors in the information security context
    Mayer, P.; Kunz, A.; Volkamer, M.
  • The human factor of information security: unintentional damage perspective
    Metalidou, E.; Marinagi, C.; Trivellas, P.; Eberhagen, N.; Skourlas, C.
  • RCA improving root cause analyses and actions to prevent harm
  • Understanding user behaviour through action sequences: from the usual to the unusual
    Nguyen, P.H.; Turkay, C.; Andrienko, G.; Andrienko, N.; Thonnard, O.; Zouaoui, J.
  • Information governance incidents closed
  • The human aspects of information security questionnaire (HAIS-Q): two further validation studies
    Parsons, K.; Calic, D.; Pattinson, M.; Butavicius, M.; McCormac, A.; Zwaans, T.
  • Incident reporting schemes and the need for a good story
    Rooksby, J.; Gerry, R.M.; Smith, A.F.
  • Information security management and the human aspect in organizations
    Stewart, H.; Jürjens, J.
  • ISO/IEC 27001 – Information security management systems — requirements
  • An empirical study of root-cause analysis in information security management implementation of information security management system and risk management view project an empirical study of root-cause analysis in information security management
    Wangen, G.B.; Hellesen, N.; Wangen, G.; Torres, H.; Braekken, E.
  • An integrated view of human, organizational, and technological challenges of IT security management
    Werlinger, R.; Hawkey, K.; Beznosov, K.
  • Heart–a proposed method for achieving high reliability in process operation by means of human factors engineering technology
    Williams, J.C.