3 research outputs found

    How do you make information security user friendly?

    This article explores the past and the present situation, outlines a new approach, and presents conclusions

    Employee Perspective on Information Security Related Human Error in Healthcare: Proactive Use of IS-CHEC in Questionnaire Form

    The objective of the research was to establish data relating to underlying causes of human error which are the most common cause of information security incidents within a private sector healthcare organization. A survey questionnaire was designed to proactively apply the IS-CHEC information security human reliability analysis (HRA) technique. The IS-CHEC technique questionnaire identified the most likely core human error causes that could result in incidents, their likelihood, the most likely tasks that could be affected, suggested remedial and preventative measures, systems or processes that would be likely to be affected by human error and established the levels of risk exposure. The survey was operational from 15th November 2018 to 15th December 2018. It achieved a response rate of 65% which equated to 485 of 749 people targeted by the research. The research found that, in the case of this particular participating organization, the application of the IS-CHEC technique through a questionnaire added beneficial value as an enhancement to a standard approach of holistic risk assessment. The research confirmed that the IS-CHEC in questionnaire form can be successfully applied within a private sector healthcare organization and also that a distributed approach for information security human error assessment can be successfully undertaken in order to add beneficial value. The results of this paper indicate, from the questionnaire responses supplied by employees, that organizational focus on its people and their working environment can improve information security posture and reduce the likelihood of associated information security incidents through a reduction in human error

    A functional-interpretive approach to information systems security e-competencies development in the higher education institution: a comparative case of four South African higher education institutions

    Philosophiae Doctor - PhD. The research reported in this thesis examines the approaches of four (4) HEIs in the Western Cape Province in South Africa to institutional development of IS security e-competencies across their full staff complements. It used a mixed research methodology and multiple case study research design in which four Higher Education Institutions (HEIs) participated. A total of 26 in-depth interviews were conducted and 385 questionnaires were completed. The research found that these HEIs do not formally develop the IS security e-competencies of their IS resources end users. Because end users handle critical information and research projects of importance not only to the HEIs, but also to the country, this situation creates a potential risk to their IS resources. In other words, the HEIs that participated in this research rely more on the ICT security technology itself to protect their IS resources than on the human side of ICT security. This is in direct contrast to the established literature which clearly points out that it is the internal end users that pose the most threats to IS security resources and these threats are more dangerous than the external threats.