Published incidents and their proportions of human error
Purpose - The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Methodology - This paper analyses recent published incidents and breaches to establish the proportions of human error, and where possible subsequently utilises the HEART human reliability analysis technique, which is established within the safety field. Findings - This analysis provides an understanding of the proportions of incidents and breaches that relate to human error as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality - This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches in order to understand the proportions that relate to human error
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
Citation : He, Y., Janick, H., Evans, M. and Yevseyeva, I. (2019) Published incidents and their proportions of human error. Information and Computer Security, 27 (3), pp. 343-357
ISSN : 2056-4961
Research Institute : Cyber Technology Institute (CTI)
Peer Reviewed : Yes