
Human errors and violations in computer and information security: the viewpoint of network administrators and security specialists.

Authors
  • Kraemer, Sara
  • Carayon, Pascale
Type
Published Article
Journal
Applied Ergonomics
Publisher
Elsevier
Publication Date
Mar 01, 2007
Volume
38
Issue
2
Pages
143–154
Identifiers
PMID: 16782040
Source
Medline
License
Unknown

Abstract

This paper describes human errors and violations of end users and network administration in computer and information security. This information is summarized in a conceptual framework for examining the human and organizational factors contributing to computer and information security. This framework includes human error taxonomies to describe the work conditions that contribute adversely to computer and information security, i.e. to security vulnerabilities and breaches. The issue of human error and violation in computer and information security was explored through a series of 16 interviews with network administrators and security specialists. The interviews were audio taped, transcribed, and analyzed by coding specific themes in a node structure. The result is an expanded framework that classifies types of human error and identifies specific human and organizational factors that contribute to computer and information security. Network administrators tended to view errors created by end users as more intentional than unintentional, while they viewed errors created by network administrators as more unintentional than intentional. Organizational factors, such as communication, security culture, policy, and organizational structure, were the most frequently cited factors associated with computer and information security.
