Human Factors and Information Security

2006, pp. 1262-1274
Author(s): E. Eugene Schultz

2015, pp. 1253-1278
Author(s): Reza Alavi, Shareeful Islam, Hamid Jahankhani, Ameer Al-Nemrat

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK's financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study's results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People's irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs.


2014, Vol 16 (3), pp. 210-221
Author(s): Efthymia Metalidou, Catherine Marinagi, Panagiotis Trivellas, Niclas Eberhagen, Georgios Giannakopoulos, ...

Purpose – The purpose of this paper is to investigate the association of lack of awareness and human factors and the association of lack of awareness and significant attacks that threaten computer security in higher education. Design/methodology/approach – Five human factors and nine attacks are considered to investigate their relationship. A field research is conducted on Greek employees in higher education to identify the human factors that affect information security. The sample consists of 103 employees that use computers at work. Pearson correlation analysis between lack of awareness and nine (9) computer security risks is performed. Findings – Examining the association of lack of awareness with these attacks that threaten the security of computers, all nine factors of important attacks exert significant and positive effect, apart from phishing. Considering the relationship of lack of awareness to human factors, all five human factors used are significantly and positively correlated with lack of awareness. Moreover, all nine important attacks, apart from one, exert a significant and positive effect. Research limitations/implications – The paper extends understanding of the relationship of the human factors, the lack of awareness and information security. The study has focused on employees of the Technological Educational Institute (TEI) of Athens, namely, teachers, administrators and working post-graduate students. Originality/value – The paper has used weighted factors based on data collection in higher education to calculate a global index for lack of awareness, as the result of the weighted aggregation of nine (9) risks, and extends the analysis performed in the literature to evaluate the effectiveness of security awareness in computer risk management.


Author(s): Pamela R. McCauley-Bell, Lesia L. Crumpton

The information technology field has been increasingly plagued by threats to the security of information systems, networks, and communication media. The solutions to these problems have primarily focused on the techniques to more closely safeguard networks (i.e. firewalls) with similar efforts being put into assessing the vulnerabilities of the hardware and software aspects of the systems. With the exception of discussions into more creative password selection, discussion pertaining to the role the user can play in reducing the risk of human error and thus promoting system security has been extremely limited. This lecture will present an overview of information security issues impacted by human interaction that may or may not play a role in promoting system security. Understanding that information systems are in fact composed of hardware and software components which must be addressed using traditional information security protocol, this lecture will provide an understanding of the possible risk that the human/user poses to an information system. Once the risks or factors associated with the human in the security of the system are identified, the next question is do the factors matter? The objective of this lecture is to present an intellectual discussion of human factors issues and their impact on information security. This is an important discussion topic that the information technology field cannot afford to ignore.


2015, Vol 9 (5)
Author(s): Boris Ivanovich Skorodumov, Olga Borisovna Skorodumova, Liliya Fedorovna Matronina

2013, Vol 4 (1), pp. 50-74
Author(s): Reza Alavi, Shareeful Islam, Hamid Jahankhani, Ameer Al-Nemrat

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK’s financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study’s results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People’s irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs.


Author(s): Manish Gupta

Information security is becoming increasingly important and more complex as organizations are increasingly adopting electronic channels for managing and conducting business. However, state-of-the-art systems design methods have ignored several aspects of security that arise from human involvement or due to human factors. The chapter aims to highlight issues arising from coalescence of fields of systems requirements elicitation, information security, and human factors. The objective of the chapter is to investigate and suggest an agenda for state of human factors in information assurance requirements elicitation from perspectives of both organizations and researchers. Much research has been done in the area of requirements elicitation, both systems and security, but, invariably, human factors have not been taken into account during information assurance requirements elicitation. The chapter aims to find clues and insights into acquisition behavior of human factors in information assurance requirements elicitation and to illustrate current state of affairs in information assurance and requirements elicitation and why inclusion of human factors is required.


Author(s): Lee Hadlington

A great deal of research has been devoted to the exploration and categorization of threats posed from malicious attacks from current employees who are disgruntled with the organisation, or are motivated by financial gain. These so-called “insider threats” pose a growing menace to information security, but given the right mechanisms, they have the potential to be detected and caught. In contrast, human factors related to aspects of poor planning, lack of attention to detail, and ignorance are linked to the rise of the accidental or unintentional insider. In this instance there is no malicious intent and no prior planning for their “attack,” but their actions can be equally as damaging and disruptive to the organisation. This chapter presents an exploration of fundamental human factors that could contribute to an individual becoming an unintentional threat. Furthermore, key frameworks for designing mitigations for such threats are also presented, alongside suggestions for future research in this area.

