205 research outputs found

    Published incidents and their proportions of human error

    The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link. Purpose - The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error. Methodology - This paper analyses recent published incidents and breaches to establish the proportions of human error, and where possible subsequently utilises the HEART human reliability analysis technique, which is established within the safety field. Findings - This analysis provides an understanding of the proportions of incidents and breaches that relate to human error as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field. Originality - This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches in order to understand the proportions that relate to human erro

    Real-time information security incident management : a case study using the IS-CHEC technique

    Information security recognised the human as the weakest link. Despite numerous international or sector-specific standards and frameworks, the information security community has not yet adopted formal mechanisms to manage human errors that cause information security breaches. Such techniques have been however established within the safety field where human reliability analysis (HRA) techniques are widely applied. In previous work we developed Information Security Core Human Error Causes (IS-CHEC) to fill this gap. This case study presents empirical research that uses IS-CHEC over a 12 month period within two participating public and private sector organisations in order to observe and understand how the implementation of the IS-CHEC information security HRA technique affected the respective organisations. The application of the IS-CHEC technique enabled the proportions of human error related information security incidents to be understood as well as the underlying causes of these incidents. The study captured the details of the incidents in terms of the most common underlying causes, selection of remedial and preventative measures, volumes of reported information security incidents, proportions of human error, common tasks undertaken at the time the incident occurred, as well as the perceptions of key individuals within the participating organisations through semi-structured interviews. The study confirmed in both cases that the vast majority of reported information security incidents relate to human error, and although the volumes of human error related incidents pertaining to both participating organisations fluctuated over the 12 month period, the proportions of human error remained consistently as the majority root cause

    Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

    The objective of the research was to establish data relating to underlying causes of human error which are the most common cause of information security incidents within a private sector healthcare organization. A survey questionnaire was designed to proactively apply the IS-CHEC information security human reliability analysis (HRA) technique. The IS-CHEC technique questionnaire identified the most likely core human error causes that could result in incidents, their likelihood, the most likely tasks that could be affected, suggested remedial and preventative measures, systems or processes that would be likely to be affected by human error and established the levels of risk exposure. The survey was operational from 15th November 2018 to 15th December 2018. It achieved a response rate of 65% which equated to 485 of 749 people targeted by the research. The research found that, in the case of this particular participating organization, the application of the IS-CHEC technique through a questionnaire added beneficial value as an enhancement to a standard approach of holistic risk assessment. The research confirmed that the IS-CHEC in questionnaire form can be successfully applied within a private sector healthcare organization and also that a distributed approach for information security human error assessment can be successfully undertaken in order to add beneficial value. The results of this paper indicate, from the questionnaire responses supplied by employees, that organizational focus on its people and their working environment can improve information security posture and reduce the likelihood of associated information security incidents through a reduction in human error

    Healthcare Cyber Security Challenges and Solutions Under the Climate of COVID19: A Scoping Review

    Background: COVID-19 has challenged the resilience of the health care information system, which has affected our ability to achieve the global goal of health and well-being. The pandemic has resulted in a number of recent cyberattacks on hospitals, pharmaceutical companies, the US Department of Health and Human Services, the World Health Organization and its partners, and others. Objective: The aim of this review was to identify key cybersecurity challenges, solutions adapted by the health sector, and areas of improvement needed to counteract the recent increases in cyberattacks (eg, phishing campaigns and ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people introduced through changes to working practices in response to the COVID-19 pandemic. Methods: A scoping review was conducted by searching two major scientific databases (PubMed and Scopus) using the search formula “(covid OR healthcare) AND cybersecurity.” Reports, news articles, and industry white papers were also included if they were related directly to previously published works, or if they were the only available sources at the time of writing. Only articles in English published in the last decade were included (ie, 2011-2020) in order to focus on current issues, challenges, and solutions. Results: We identified 9 main challenges in cybersecurity, 11 key solutions that health care organizations adapted to address these challenges, and 4 key areas that need to be strengthened in terms of cybersecurity capacity in the health sector. We also found that the most prominent and significant methods of cyberattacks that occurred during the pandemic were related to phishing, ransomware, distributed denial-of-service attacks, and malware. 
Conclusions: This scoping review identified the most impactful methods of cyberattacks that targeted the health sector during the COVID-19 pandemic, as well as the challenges in cybersecurity, solutions, and areas in need of improvement. We provided useful insights to the health sector on cybersecurity issues during the COVID-19 pandemic as well as other epidemics or pandemics that may materialize in the future

    Cybersecurity model for the public health sector: 2018-2020: a review of the scientific literature

    Today, the information held by various health centers has been affected by cyberattacks; these problems arise because efficient and consistent cybersecurity plans are not in place. This greatly affects national security, since massive amounts of personal, financial and intellectual data are involved. At present, the health sector is said to rank among the five main sectors exposed to the greatest security risks since 2018. It is therefore vitally important to take measures to protect the privacy of staff and public data. This systematic review aims to analyze cybersecurity models applied to the public health sector. The review synthesized data extracted from 50 articles related to cybersecurity and cybersecurity models. The information search was carried out in the IEEE Xplore, Scopus, WOS and Science Direct databases. In total, 52% of the articles (26) were found to be analytical and 48% descriptive (24). The review of the scientific literature indicates the basic characteristics that a cybersecurity framework aimed at the public health sector should have; among them are: small to medium size, adaptable, composable and reusable

    The Workplace Information Sensitivity Appraisal (WISA) scale

    Human error in security plays a significant role in the majority of cyber-attacks on businesses. Security behaviours are impacted by numerous factors, including individual perceptions of information sensitivity. However, there is currently a lack of empirical measurement of information sensitivity and its role in determining security behaviours. This research presents a measure of information sensitivity appraisal that predicts security behaviour. We outline the design, development and validation of the Workplace Information Sensitivity Appraisal scale. The psychometric properties were assessed with data from an online sample of 326 employees in the UK. The scale comprises of five subscales: Privacy, Worth, Consequences, Low proximity interest by others and High proximity interest by others. The final 16-item WISA scale, alongside its five subscales, represents a comprehensive measure of information sensitivity appraisal in the workplace. The WISA scale has been found to have strong factorial validity, confirmed across eight information types, strong content validity, good criterion-related validity, adequate discriminant validity, and high internal reliability. This research utilised the WISA scale to explore sensitivity differences across eight information types: four concerning living individuals (Personal, Health, Financial & Lifestyle) and four organisationally-focused information types (IP, day to day, commercial & HR). Financial information was found to have the highest ratings for overall sensitivity followed by health and HR. Finally, scores for the WISA scale predicted a range of security behaviours including password usage, secure Wi-Fi usage, physical security and avoiding security risks. This demonstrates the potential role for information sensitivity appraisal as a determinant of security behaviours

    Criteria and aspects evaluated by companies when implementing an information security management system

    This research aims to analyze the criteria and aspects involved in implementing an information security management system (ISMS) in companies, making it possible to identify better procedures to apply in harmful situations. Information and communication technologies (ICT) have placed great interest in the protection of information to guarantee appropriate levels of security and preservation. For the review, an outline was made of international articles on the process followed when implementing adequate security management, based on some good practices, methodologies and standards. It is concluded that implementing good management makes it possible to improve the current situation of companies with regard to information security and that, at the same time, these criteria and success aspects serve as a guide and model for those who are implementing an ISMS for a company. Research paper. Tarapoto. Escuela Profesional de Ingeniería de Sistemas. Gestión de T

    Food System and Food Security Study for the City of Cape Town

    Food insecurity is a critical, but poorly understood, challenge for the health and development of Capetonians. Food insecurity is often imagined as hunger, but it is far broader than that. Households are considered food secure when they have “physical and economic access to sufficient and nutritious food that meets their dietary needs and food preferences for an active and healthy life” (WHO/FAO 1996). Health is not merely the absence of disease, but also encompasses good nutrition and healthy lifestyles. Individuals in a food insecure household and/or community are at greater risk due to diets of poor nutritional value, which lowers immunity against diseases. In children, food insecurity is known to stunt growth and development and this places the child in a disadvantaged position from early on in life. Any improvement in the nutritional profile of an individual is beneficial and as the family and community become more food secure, the greater the benefit. It further reduces the demand on health services. In the Cape Town context, food insecurity manifests not just as hunger, but as long term consumption of a limited variety of foods, reduction in meal sizes and choices to eat calorie dense, nutritionally poor foods in an effort to get enough food to get by. Associated with this food insecurity are chronic malnutrition and micronutrient deficiency, particularly among young children, and an increase in obesity, diabetes and other diet related illnesses. Food insecurity is therefore not about food not being available, it is about households not having the economic or physical resources to access enough of the right kind of food. The latest study of food insecurity in Cape Town found that 75 percent of households in sampled low-income areas were food insecure, with 58 percent falling into the severely food insecurity category. 
Food insecurity is caused by household scale characteristics, such as income poverty, but also by wider structural issues, such as the local food retail environment and the price and availability of healthy relative to less healthy foods. The City of Cape Town therefore commissioned a study based on the following understanding of the food security challenge facing the City. “Food security or the lack thereof is the outcome of complex and multi-dimensional factors comprising a food system. Therefore, food insecurity is the result of failures or inefficiencies in one or more dimensions of the food system. This necessitates a holistic analysis of the food system that can provide insights into the various components of the system, especially in our context as a developing world city.” The call for a food system study sees the City of Cape Town taking the lead nationally, being the first metropolitan area to seek to engage in the food system in a holistic manner and attempting to understand what role the city needs to play in the food system. The City must work towards a food system that is reliable, sustainable and transparent. Such a system will generate household food security that is less dependent on welfarist responses to the challenge. In this context, reliability is taken to mean stable and consistent prices, the nutritional quality of available and accessible food, and food safety. Sustainability means that the food system does not degrade the environmental, economic and social environment. Finally, transparency refers to the legibility of the system and its control by the state and citizens

    CORPORATE SOCIAL RESPONSIBILITY IN ROMANIA

    The purpose of this paper is to identify the main opportunities and limitations of corporate social responsibility (CSR). The survey was defined with the aim to involve the highest possible number of relevant CSR topics and give the issue a more wholesome perspective. It provides a basis for further comprehension and deeper analyses of specific CSR areas. The conditions determining the success of CSR in Romania have been defined in the paper on the basis of the previously cumulative knowledge as well as the results of various researches. This paper provides knowledge which may be useful in the programs promoting CSR. Keywords: Corporate social responsibility, Supportive policies, Romania