Development of a Model for Determining the Impact of Password Authentication Practices on Information Security

Carstens, Deborah Sater; McCauley-Bell, Pamela; Malone, Linda C.

doi:10.1177/154193120004400213

Cited by 18 publications

(41 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An example of this category would be an authorized user of a system who is unable to access a system due to forgetting his or her password. Given the above definitions, a human-error security incident is defined as any human-error-related event that compromises information's confidentiality, integrity, or accessibility (Carstens et al, 2004).…”

Section: Information Securitymentioning

confidence: 99%

“…Preliminary research conducted in the area of the human impact on information security indicated that 37% of survey participants never change their work and/or school passwords and that 69% of survey participants never change their personal passwords (Carstens et al, 2004). The same research indicated that when prompted to replace a current password, 43% of survey participants changed their work and/or school passwords back to a password they had used in the past; 33% of survey participants indicated changing their personal passwords back to an old password as well.…”

Section: Human Error In Information Securitymentioning

confidence: 99%

See 1 more Smart Citation

Applying Chunking Theory in Organizational Password Guidelines

Carstens¹,

Malone²,

McCauley-Bell³

2006

JIITO

View full text Add to dashboard Cite

This research evaluates the human impact that password authentication issues have on the security of information systems within organizations. This research resulted in the creation of password guidelines for authentication with passwords based on Miller's (1956) and Cowan's (2001) chunking theory research and a model for predicting the vulnerability that a particular set of conditions have on the likelihood of error in an information system. The findings indicate that human error associated with password authentication can be significantly reduced through the use of passwords that are composed of meaningful data for the user and that meet technical requirements for strong passwords.

show abstract

Section: Information Securitymentioning

confidence: 99%

Section: Human Error In Information Securitymentioning

confidence: 99%

Applying Chunking Theory in Organizational Password Guidelines

Carstens¹,

Malone²,

McCauley-Bell³

2006

JIITO

View full text Add to dashboard Cite

show abstract

“…(Dourish, dl Flor & Joseph 2003) (Carstens et al 2004) (Adams, Sasse & Lunt 1997) (Werlinger et al, 2009) (Veiga & Eloff 2009) (Kraemer and Carayon, 2005) (Kraemer et al, 2009) (Knapp, Marshall & Rainer 2006) (Pattinson and Anderson, 2007) (Tsohou et al, 2006). The research most closely related to the topic is described below.…”

Section: Human and Organizational Factors Causing Vulnerabilitiesmentioning

confidence: 99%

Security mistakes in information system deployment projects

Sommestad

Ekstedt

Holm

et al. 2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

Purpose -This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in the deployment. Design/methodology/approach -A Bayesian network (BN) is created and analyzed over the relationship between mistakes and causes. The BN is created by eliciting qualitative and quantitative data from experts of industrial control system deployments in the critical infrastructure domain. Findings -The data collected in this study show that domain experts have a shared perception of how strong the influence of human and organizational factors are. According to domain experts, this influence is strong. This study also finds that security flaws are common in industrial control systems operating critical infrastructure.Research limitations/implications -The model presented in this study is created with the help of a number of domain experts. While they agree on qualitative structure and quantitative parameters, future work should assure that their opinion is generally accurate. Practical implications -The influence of a set of important variables related to organizational/human aspects on information security flaws is presented. Social implications -The context of this study is deployments of systems that operate nations' critical infrastructure. The findings suggest that initiatives to secure such infrastructures should not be purely technical. Originality/value -Previous studies have focused on either the causes of security flaws or the actual flaws that can exist in installed information systems. However, little research has been spent on the relationship between them. The model presented in this paper quantifies such relationships.

show abstract

“…With the introduction of biometric devices into various sectors of economy, there should be more education on this technology (Moody, 2004). More education and simple tips on how users should choose and manage passwords may avoid the problem of weak passwords, human errors, and exposure to intruders (Carstens, McCauley-Bell, & DeMara, 2004). The course has to be based on the model of teaching students a combination of theoretical concepts and hands on practice of security.…”

Section: Achieving Better Awareness Education In Information Securitymentioning

confidence: 99%

A Perspective on Achieving Information Security Awareness

Hentea¹

2005

IISIT

View full text Add to dashboard Cite

The guidelines "Towards a Culture of Security" emphasize a culture of security in all aspects of information systems, from designing and planning through to everyday use, and among all participants, from government down through business to consumers. In response to national needs, Information Security education has become a priority for many educational institutions in US for the past years. More universities and colleges have established courses or specialized programs to teach Information Security skills to students enrolled in degrees related to computers such as computer information systems, computer engineering, and computer science. However, there are aspects of the security education model that need attention. This paper discusses these issues including changes to improve security awareness education. Through close coordination between faculty, industry, government agencies, and universities, the critical education of future graduates, Information Technology professionals, Information Security professionals, and public can be accelerated.

show abstract

Development of a Model for Determining the Impact of Password Authentication Practices on Information Security

Cited by 18 publications

References 3 publications

Applying Chunking Theory in Organizational Password Guidelines

Applying Chunking Theory in Organizational Password Guidelines

Security mistakes in information system deployment projects

A Perspective on Achieving Information Security Awareness

Contact Info

Product

Resources

About