    HEART-IS: A Novel Technique for Evaluating Human Error-Related Information Security Incidents

    finalised HEART of Information Security _ A human reliability analysis case study 25-02-2018.docx (152.2Kb)
    Date
    2018-09-25
    Author
    Evans, M.;
    He, Ying;
    Maglaras, Leandros;
    Janicke, Helge
    Abstract
    Organisations continue to suffer information security incidents and breaches as a result of human error even though humans are recognised as the weakest link with regard to information security. Despite this level of understanding, organisations continue to focus their attention on technical security controls rather than the human factor and have not incorporated methods such as Human Reliability Analysis (HRA), which are used within high-reliability sectors such as rail, aviation and energy. The objectives of our research are to define a human error-related information security incident and create the novel HEART of Information Security (HEART-IS) technique, which is an adaptation of the Human Error Assessment and Reduction Technique (HEART). We conducted a case study within a private sector organisation using HEART-IS to establish if HRA is applicable to information security. The novel HEART-IS technique comprises a mapping component and an analysis component. In the case study, we applied HEART-IS to map HEART Error Producing Conditions (EPC) to twelve months of reported information security incidents and analysed the volumes of human error and underlying causes. We found that HEART-IS is applicable to the information security field with some minor amendments to the terminology. The mapping of information security incident causes to the HEART Error Producing Conditions (EPC) was successful, but the in-built HEART human error probability calculations did not match the actual volumes of reported human error-related incidents.
    Description
    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.
    Citation : Evans, M., He, Y., Maglaras, L., Janicke, H. (2018) HEART-IS: A Novel Technique for Evaluating Human Error-Related Information Security Incidents. Computers & Security, 80, pp.74-89.
    URI
    http://hdl.handle.net/2086/17169
    DOI
    https://doi.org/10.1016/j.cose.2018.09.002
    Research Group : Cyber Security Centre
    Research Institute : Cyber Technology Institute (CTI)
    Peer Reviewed : Yes
    Collections
    • School of Computer Science and Informatics [2978]
