The Human Factor of Information Security: Unintentional Damage Perspective

Metalidou, Efthymia; Marinagi, Catherine; Trivellas, Panagiotis; Eberhagen, Niclas; Skourlas, Christos; Γιαννακόπουλος, Γεώργιος

doi:10.1016/j.sbspro.2014.07.133

Cited by 59 publications

(42 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of [54] suggest that to effectively communicate security risks, users should be categorized according to their IT knowledge. Whereas a user education approach in risk communication that improves user's self-confidence and stresses on his responsibility of his own protection is recommended by authors of [19][55] [56]. However, [51] argue that due to the timing and used terminology, information security threats warnings are easily and often ignored.…”

Section: Related Workmentioning

confidence: 99%

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

Alohali¹,

Clarke²,

Furnell³

2018

ijacsa

View full text Add to dashboard Cite

The risk of sensitive information disclosure and modification through the use of online services has increased considerably and may result in significant damage. As the management and assessment of such risks is a well-known discipline for organizations, it is a challenge for users from the general public. Users have difficulties in using, understanding and reacting to security-related threats. Moreover, users only try to protect themselves from risks salient to them. Motivated by the lack of risk assessment solutions and limited impact of awareness programs tailored for users of the general public, this paper aims to develop a structured approach to help in protecting users from threats and vulnerabilities and, thus, reducing the overall information security risks. By focusing on the user and that different users react differently to the same stimuli, the authors developed a user-centric risk assessment and response framework that assesses and communicates risk on both user and system level in an individualized, timely and continuous way. Three risk assessment models were proposed that depend on user-centric and behavior-related factors when calculating risk. This framework was evaluated using a scenario-based simulation of a number of users and results analyzed. The analysis demonstrated the effectiveness and feasibility of the proposed approach. Encouragingly, this analysis provided an indication that risk can be assessed differently for the same behavior based upon a number of user-centric and behavioralrelated factors resulting in an individualized granular risk score/level. This granular risk assessment, provided a more insightful evaluation of both risk and response. The analysis of results was also useful in demonstrating how risk is not the same for all users and how the proposed model is effective in adapting to differences between users offering a novel approach to assessing information security risks.

show abstract

Section: Related Workmentioning

confidence: 99%

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

Alohali¹,

Clarke²,

Furnell³

2018

ijacsa

View full text Add to dashboard Cite

show abstract

“…Then we should judge the distance from the endpoint to the edge of the fingerprint image. If it is less than the threshold value, remove it [5]. The way of eliminating internal pseudo feature points is as follows: there're 4 types internal pseudo feature points, short -term, burr, bridge and ring.…”

Section: B Extraction Of Fingerprint Image Featurementioning

confidence: 99%

The Design of Smart Grid Identity Authentication System Based on Fingerprint Identification

Xiuqing¹,

Ji-min²,

Qiao³

et al. 2016

Proceedings of 2016 International Conference on Modeling, Simulation and Optimization Technologies and Applications (MSOTA2016)

View full text Add to dashboard Cite

For the problem of the safe integration between Internet and the smart grid, a server based on C/S mode of fingerprint information and user information registration was used in power system and a fingerprint acquisition system based on C/S mode was designed, realizing the collection of fingerprint image processing and extraction of characteristic value. A database was established on the server, using ADO.NET technology to access the database and operate it. The smart grid authenticated access login information management system based on B/S pattern was designed by invoking the ActiveX controls library through the web page.

show abstract

“…Despite this, the information security community does not have a thorough understanding of what constitutes a human error and often resorts to general basic awareness or training on information security following an incident rather than dealing with the causal factors (Mahfuth et al, 2017). Current practices fall regularly short of identifying the actual root cause of human error related information security incidents even though people are recognized as being the weakest link in information security controls (Metalidou et al, 2014;Halevi et al, 2017;Mahfuth et al, 2017;Parsons et al, 2017;Furnell et al, 2018). There are also no established human error information security frameworks in practice to enable not only effective resolution of human error related information security incidents but also the prevention of these events.…”

Section: Introductionmentioning

confidence: 99%

Published incidents and their proportions of human error

Evans

Yevseyeva

et al. 2019

ICS

View full text Add to dashboard Cite

Purpose This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Design/methodology/approach This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field. Findings This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality/value This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

show abstract

The Human Factor of Information Security: Unintentional Damage Perspective

Cited by 59 publications

References 6 publications

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

The Design and Evaluation of a User-Centric Information Security Risk Assessment and Response Framework

The Design of Smart Grid Identity Authentication System Based on Fingerprint Identification

Published incidents and their proportions of human error

Contact Info

Product

Resources

About