Published incidents and their proportions of human error

Evans, Mark; He, Ying; Yevseyeva, Iryna; Janicke, Helge

doi:10.1108/ics-12-2018-0147

Cited by 8 publications

(2 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The majority of reported information security incidents and breaches within organizations are as a result of human error [21], [22]. This was confirmed based upon an analysis of published incidents and breaches [23], [24]. Nonetheless, there is a lack of empirical information security research [19] regarding organizational theories.…”

Section: Introductionmentioning

confidence: 94%

Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

Evans

Luo

et al. 2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

The objective of the research was to establish data relating to underlying causes of human error which are the most common cause of information security incidents within a private sector healthcare organization. A survey questionnaire was designed to proactively apply the IS-CHEC information security human reliability analysis (HRA) technique. The IS-CHEC technique questionnaire identified the most likely core human error causes that could result in incidents, their likelihood, the most likely tasks that could be affected, suggested remedial and preventative measures, systems or processes that would be likely to be affected by human error and established the levels of risk exposure. The survey was operational from 15th November 2018 to 15th December 2018. It achieved a response rate of 65% which equated to 485 of 749 people targeted by the research. The research found that, in the case of this particular participating organization, the application of the IS-CHEC technique through a questionnaire added beneficial value as an enhancement to a standard approach of holistic risk assessment. The research confirmed that the IS-CHEC in questionnaire form can be successfully applied within a private sector healthcare organization and also that a distributed approach for information security human error assessment can be successfully undertaken in order to add beneficial value. The results of this paper indicate, from the questionnaire responses supplied by employees, that organizational focus on its people and their working environment can improve information security posture and reduce the likelihood of associated information security incidents through a reduction in human error. INDEX TERMSHuman error assessment and reduction technique (HEART), human error related information security incidents, human reliability analysis (HRA), information security, IS-CHEC.

show abstract

Section: Introductionmentioning

confidence: 94%

Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

Evans

Luo

et al. 2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…Our findings were constantly interpreted and reviewed in light of existing literature and in consultation with the two participating public and private sector organisations, to ensure that they are consistent and that they accurately reflect the actual events. In addition, the research was undertaken and compared within the two participating organisations simultaneously and the required research material, including the IS-CHEC technique, methods and results, to enable the research to be replicated has been published in this article and prior articles relating to our work [7]- [9], [11], [45], [46].…”

Section: B Data Collection and Analysismentioning

confidence: 99%

Real-Time Information Security Incident Management: A Case Study Using the IS-CHEC Technique

Evans

Luo

et al. 2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

Information security recognised the human as the weakest link. Despite numerous international or sector-specific standards and frameworks, the information security community has not yet adopted formal mechanisms to manage human errors that cause information security breaches. Such techniques have been however established within the safety field where human reliability analysis (HRA) techniques are widely applied. In previous work we developed Information Security Core Human Error Causes (IS-CHEC) to fill this gap. This case study presents empirical research that uses IS-CHEC over a 12 month period within two participating public and private sector organisations in order to observe and understand how the implementation of the IS-CHEC information security HRA technique affected the respective organisations. The application of the IS-CHEC technique enabled the proportions of human error related information security incidents to be understood as well as the underlying causes of these incidents. The study captured the details of the incidents in terms of the most common underlying causes, selection of remedial and preventative measures, volumes of reported information security incidents, proportions of human error, common tasks undertaken at the time the incident occurred, as well as the perceptions of key individuals within the participating organisations through semi-structured interviews. The study confirmed in both cases that the vast majority of reported information security incidents relate to human error, and although the volumes of human error related incidents pertaining to both participating organisations fluctuated over the 12 month period, the proportions of human error remained consistently as the majority root cause.INDEX TERMS Human error assessment and reduction technique (HEART), human error related information security incidents, human reliability analysis (HRA), information security, information security core human error causes (IS-CHEC).

show abstract

Cyber Security Culture as a Resilience-Promoting Factor for Human-Centered Machine Learning and Zero-Defect Manufacturing Environments

Mitcheltree,

Mugurusi,

Holtskog

2023

Flexible Automation and Intelligent Manufacturing: Establishing Bridges for More Sustainable Manufacturing Systems

View full text Add to dashboard Cite

Published incidents and their proportions of human error

Cited by 8 publications

References 27 publications

Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

Real-Time Information Security Incident Management: A Case Study Using the IS-CHEC Technique

Cyber Security Culture as a Resilience-Promoting Factor for Human-Centered Machine Learning and Zero-Defect Manufacturing Environments

Contact Info

Product

Resources

About