Evaluating Information Security Core Human Error Causes (IS-CHEC) Technique in Public Sector and Comparison with the Private Sector
Background The number of reported public sector information security incidents has significantly increased recently including 22% related to the UK health sector. Over two thirds of these incidents pertain to human error, but despite this, there are limited published related works researching human error as it affects information security. Method This research conducts an empirical case study into the feasibility and implementation of the Information Security Core Human Error Causes (IS-CHEC) technique which is an information security adaptation of Human Error Assessment and Reduction Technique (HEART). We analysed 12 months of reported information security incidents for a participating public sector organisation providing healthcare services and mapped them to the IS-CHEC technique. Results The results show that the IS-CHEC technique is applicable to the field of information security but identified that the underpinning HEART human error probability calculations did not align to the recorded incidents. The paper then proposes adaptation of the IS-CHEC technique based on the feedback from users during the implementation. We then compared the results against those of a private sector organisation established using the same approach. Conclusions The research concluded that the proportion of human error is far higher than reported in current literature. The most common causes of human error within the participating public sector organisation were lack of time for error detection and correction, no obvious means of reversing an unintended action and people performing repetitious tasks.
The file attached to this record is the author's final peer reviewed version.
Citation : Evans, M., HE, Y., Yevseyeva, I., Maglaras, L., Janicke, H. (2019) Evaluating Information Security Core Human Error Causes (IS-CHEC) Technique in Public Sector and Comparison with the Private Sector. International Journal of Medical Informatics,
ISSN : 1386-5056
Research Institute : Cyber Technology Institute (CTI)
Peer Reviewed : Yes
Showing items related by title, author, creator and subject.
Business, Human Rights and Corporate Social Responsibility in a Global Financial Crisis: The Global Challenge of Embedding Human Rights in Organizations and Human Resource Management Practices Ejiogu, Chibuzo (Book chapter)The relationship between business and human rights is important and complex. The social responsibility of business is evolving as Multinational Corporations become more pervasive and powerful; their global footprint can ...