This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error.
This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field.
This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.
This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.
Evans, M.G., He, Y., Yevseyeva, I. and Janicke, H. (2019), "Published incidents and their proportions of human error", Information and Computer Security, Vol. 27 No. 3, pp. 343-357. https://doi.org/10.1108/ICS-12-2018-0147
Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited