Evaluating information security core human error causes (IS-CHEC) technique in public sector and comparison with the private sector
Evans, Mark; He, Ying; Maglaras, Leandros; Yevseyeva, Iryna; Janicke, Helge
Prof Leandros Maglaras L.Maglaras@napier.ac.uk
The number of reported public sector information security incidents has significantly increased recently including 22% related to the UK health sector. Over two thirds of these incidents pertain to human error, but despite this, there are limited published related works researching human error as it affects information security.
This research conducts an empirical case study into the feasibility and implementation of the Information Security Core Human Error Causes (IS-CHEC) technique which is an information security adaptation of Human Error Assessment and Reduction Technique (HEART). We analysed 12 months of reported information security incidents for a participating public sector organisation providing healthcare services and mapped them to the IS-CHEC technique.
The results show that the IS-CHEC technique is applicable to the field of information security but identified that the underpinning HEART human error probability calculations did not align to the recorded incidents. The paper then proposes adaptation of the IS-CHEC technique based on the feedback from users during the implementation. We then compared the results against those of a private sector organisation established using the same approach.
The research concluded that the proportion of human error is far higher than reported in current literature. The most common causes of human error within the participating public sector organisation were lack of time for error detection and correction, no obvious means of reversing an unintended action and people performing repetitious tasks.
Evans, M., He, Y., Maglaras, L., Yevseyeva, I., & Janicke, H. (2019). Evaluating information security core human error causes (IS-CHEC) technique in public sector and comparison with the private sector. International Journal of Medical Informatics, 127, 109-119. https://doi.org/10.1016/j.ijmedinf.2019.04.019
|Journal Article Type||Article|
|Acceptance Date||Apr 23, 2019|
|Online Publication Date||Apr 27, 2019|
|Deposit Date||Dec 6, 2022|
|Journal||International Journal of Medical Informatics|
|Peer Reviewed||Peer Reviewed|
You might also like
An Efficient Localization and Avoidance Method of Jammers in Vehicular Ad Hoc Networks
The industrial control system cyber defence triage process
Human behaviour as an aspect of cybersecurity assurance