HEART-IS: A novel technique for evaluating human error-related information security incidents
Evans, Mark; He, Ying; Maglaras, Leandros; Janicke, Helge
Abstract
Organisations continue to suffer information security incidents and breaches as a result of human error, even though humans are recognised as the weakest link with regard to information security. Despite this level of understanding, organisations continue to focus their attention on technical security controls rather than the human factor, and have not incorporated methods such as Human Reliability Analysis (HRA), which are used within high reliability sectors such as rail, aviation and energy. The objectives of our research are to define a human error-related information security incident and to create the novel HEART of Information Security (HEART-IS) technique, which is an adaptation of the Human Error Assessment and Reduction Technique (HEART). We conducted a case study within a private sector organisation using HEART-IS to establish whether HRA is applicable to information security. The novel HEART-IS technique comprises a mapping component and an analysis component. In the case study, we applied HEART-IS to map HEART Error Producing Conditions (EPC) to twelve months of reported information security incidents, and analysed the volumes of human error and the underlying causes. We found that HEART-IS is applicable to the information security field with some minor amendments to the terminology. The mapping of information security incident causes to the HEART EPCs was successful, but the in-built HEART human error probability calculations did not match the actual volumes of reported human error-related incidents.
Citation
Evans, M., He, Y., Maglaras, L., & Janicke, H. (2019). HEART-IS: A novel technique for evaluating human error-related information security incidents. Computers and Security, 80, 74-89. https://doi.org/10.1016/j.cose.2018.09.002
Field | Value |
---|---|
Journal Article Type | Article |
Acceptance Date | Sep 14, 2018 |
Online Publication Date | Sep 25, 2018 |
Publication Date | 2019-01 |
Deposit Date | Nov 18, 2020 |
Journal | Computers & Security |
Print ISSN | 0167-4048 |
Publisher | Elsevier |
Peer Reviewed | Peer Reviewed |
Volume | 80 |
Pages | 74-89 |
DOI | https://doi.org/10.1016/j.cose.2018.09.002 |
Keywords | General Computer Science; Law |
Public URL | https://nottingham-repository.worktribe.com/output/5038973 |
Publisher URL | https://www.sciencedirect.com/science/article/pii/S0167404818301615?via%3Dihub |