Title :
Securing the human to protect the system: Human factors in cyber security
Author_Institution :
Symantec.cloud, Gloucester, UK
Abstract :
Analysis of the publications of the Information Commissioner´s Office relating to prosecutions or monetary penalties for data breaches shows that many of these breaches involved human error. The most common such errors in these reports are well meaning insiders making slips in routine operations. Technical correction strategies to mitigate against the error were either absent or ineffective in preventing harm from being incurred. This paper considers the failure modes of human operators of information systems within reports issued by the Information Commissioner´s Office. These demonstrate where additional technological assistance may be better directed to reduce probability of occurrence and to reduce the impact of information security failures.
Keywords :
human factors; information systems; security of data; Information Commissioner Office; cyber security; data breaches; failure mode; human error; human factor; human operator; information security failure; information system; monetary penalties; occurrence probability; prosecution; system protection; technical correction strategy; technological assistance; human error; information security;
Conference_Titel :
System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on
Conference_Location :
Edinburgh
Electronic_ISBN :
978-1-84919-678-9
DOI :
10.1049/cp.2012.1519
