Skip to main content

Research Repository

Advanced Search

Evaluating information security core human error causes (IS-CHEC) technique in public sector and comparison with the private sector

Evans, Mark; He, Ying; Maglaras, Leandros; Yevseyeva, Iryna; Janicke, Helge

Authors

Mark Evans

Ying He

Iryna Yevseyeva

Helge Janicke



Abstract

Background
The number of reported public sector information security incidents has significantly increased recently including 22% related to the UK health sector. Over two thirds of these incidents pertain to human error, but despite this, there are limited published related works researching human error as it affects information security.

Method
This research conducts an empirical case study into the feasibility and implementation of the Information Security Core Human Error Causes (IS-CHEC) technique which is an information security adaptation of Human Error Assessment and Reduction Technique (HEART). We analysed 12 months of reported information security incidents for a participating public sector organisation providing healthcare services and mapped them to the IS-CHEC technique.

Results
The results show that the IS-CHEC technique is applicable to the field of information security but identified that the underpinning HEART human error probability calculations did not align to the recorded incidents. The paper then proposes adaptation of the IS-CHEC technique based on the feedback from users during the implementation. We then compared the results against those of a private sector organisation established using the same approach.

Conclusions
The research concluded that the proportion of human error is far higher than reported in current literature. The most common causes of human error within the participating public sector organisation were lack of time for error detection and correction, no obvious means of reversing an unintended action and people performing repetitious tasks.

Journal Article Type Article
Acceptance Date Apr 23, 2019
Online Publication Date Apr 27, 2019
Publication Date 2019-07
Deposit Date Dec 6, 2022
Journal International Journal of Medical Informatics
Print ISSN 1386-5056
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 127
Pages 109-119
DOI https://doi.org/10.1016/j.ijmedinf.2019.04.019
Public URL http://researchrepository.napier.ac.uk/Output/2969602