Assessing the impact of human error in information security incidents

Problems associated with information security have generally focused on breaches by malicious hackers. However, research findings have identified human error as the primary factor in information security incidents (McCauley-Bell and Crumpton, 1998). In fact, findings of a report by the National Institute of Standards and Technology (NIST) revealed 65% of the incidents occurring within the government and private organizations are the result of human errors.; Presently, there are no classification schemes and/or tools to adequately classify the types of errors committed and assess the effect of human errors in information security. Thus, the goals of this research are to develop a scheme for classifying human errors in information security systems, determine the impact of human errors in information security, identity a tool to predict human error in information security systems and formulate a plan to mitigate the effects of human error. A real world application will be identified to investigate human error in information security, for example, the banking industry, military operations, health center, automotive or retail industries.; Findings of this research suggest that an effective classification scheme permits various types of human error to be classified by identifying causes/effects of their origin. Also, assessing the probability of human error for various types of mistakes can be a valuable asset in preventing human errors in information security because of its predictive value.