Evaluating Information Security Core Human Error Causes (IS-CHEC) Technique in Public Sector and Comparison with the Private Sector

Date

2019-04-27

Advisors

Journal Title

Journal ISSN

ISSN

1386-5056

Volume Title

Publisher

Elsevier

Type

Article

Peer reviewed

Yes

Abstract

Background The number of reported public sector information security incidents has significantly increased recently including 22% related to the UK health sector. Over two thirds of these incidents pertain to human error, but despite this, there are limited published related works researching human error as it affects information security.

Method This research conducts an empirical case study into the feasibility and implementation of the Information Security Core Human Error Causes (IS-CHEC) technique which is an information security adaptation of Human Error Assessment and Reduction Technique (HEART). We analysed 12 months of reported information security incidents for a participating public sector organisation providing healthcare services and mapped them to the IS-CHEC technique.

Results The results show that the IS-CHEC technique is applicable to the field of information security but identified that the underpinning HEART human error probability calculations did not align to the recorded incidents. The paper then proposes adaptation of the IS-CHEC technique based on the feedback from users during the implementation. We then compared the results against those of a private sector organisation established using the same approach.

Conclusions The research concluded that the proportion of human error is far higher than reported in current literature. The most common causes of human error within the participating public sector organisation were lack of time for error detection and correction, no obvious means of reversing an unintended action and people performing repetitious tasks.

Description

The file attached to this record is the author's final peer reviewed version.

Keywords

Information security;, Human error assessment and reduction technique (HEART), Information security core human error causes (IS-CHEC), Human error related information security incidents, Human reliability analysis (HRA)

Citation

Evans, M., HE, Y., Yevseyeva, I., Maglaras, L., Janicke, H. (2019) Evaluating Information Security Core Human Error Causes (IS-CHEC) Technique in Public Sector and Comparison with the Private Sector. International Journal of Medical Informatics,

Rights

Research Institute

Cyber Technology Institute (CTI)