
dc.contributor.author: Evans, M. [en]
dc.contributor.author: He, Ying [en]
dc.contributor.author: Maglaras, Leandros [en]
dc.contributor.author: Janicke, Helge [en]
dc.date.accessioned: 2018-11-13T09:35:32Z
dc.date.available: 2018-11-13T09:35:32Z
dc.date.issued: 2018-09-25
dc.identifier.citation: Evans, M., He, Y., Maglaras, L., Janicke, H. (2018) HEART-IS: A Novel Technique for Evaluating Human Error-Related Information Security Incidents. Computers & Security, 80, pp.74-89. [en]
dc.identifier.uri: http://hdl.handle.net/2086/17169
dc.description: The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. [en]
dc.description.abstract: Organisations continue to suffer information security incidents and breaches as a result of human error even though humans are recognised as the weakest link with regard to information security. Despite this level of understanding, organisations continue to focus their attention on technical security controls rather than the human factor and have not incorporated methods such as Human Reliability Analysis (HRA), which are used within high reliability sectors such as rail, aviation and energy. The objectives of our research are to define a human error related information security incident and create the novel HEART of Information Security (HEART-IS) technique, which is an adaptation of the Human Error Assessment and Reduction Technique (HEART). We conducted a case study within a private sector organisation using HEART-IS to establish if HRA is applicable to information security. The novel HEART-IS technique comprises a mapping component and an analysis component. In the case study, we applied HEART-IS to map HEART Error Producing Conditions (EPC) to twelve months of reported information security incidents and analysed the volumes of human error and underlying causes. We found that HEART-IS is applicable to the information security field with some minor amendments to the terminology. The mapping of information security incident causes to the HEART Error Producing Conditions (EPC) was successful, but the in-built HEART human error probability calculations did not match the actual volumes of reported human error related incidents. [en]
dc.language.iso: en [en]
dc.publisher: Elsevier [en]
dc.subject: Information Security [en]
dc.subject: Human Error Assessment and Reduction Technique [en]
dc.subject: HEART-IS [en]
dc.subject: Human Error Related Information Security Incidents [en]
dc.subject: Human Reliability Analysis (HRA) [en]
dc.title: HEART-IS: A Novel Technique for Evaluating Human Error-Related Information Security Incidents [en]
dc.type: Article [en]
dc.identifier.doi: https://doi.org/10.1016/j.cose.2018.09.002
dc.researchgroup: Cyber Security Centre [en]
dc.peerreviewed: Yes [en]
dc.funder: N/A [en]
dc.projectid: N/A [en]
dc.cclicence: CC-BY-NC [en]
dc.date.acceptance: 2018-09-14 [en]
dc.researchinstitute: Cyber Technology Institute (CTI) [en]

