论文信息 - A Human Factors Vulnerability Evaluation Method for Computer and Information Security

A Human Factors Vulnerability Evaluation Method for Computer and Information Security

There is a current lack of human factors identification and analysis methods in computer and information security. Previous research has focused on micro-level issues, such as task analyses and usability studies of security methods such as smart cards, passwords, and biometric devices. The purpose of this research is to develop a framework for identifying human factors and organizational issues contributing to computer and information security vulnerabilities and breaches. This framework is applied in conjunction with technical security audits. The purpose of this research is to test, develop, and refine the proposed methodology. This study examines the methodology with known computer and information technical vulnerabilities through semi-structured interviews with network administrators. These interviews yielded results in the form of methodology refinements and developments and two case studies of technical security vulnerabilities, using what is called the Human Factors Vulnerability Analysis, or HFVA.

Pascale Carayon | Sara Kraemer

[1] Alistair Sutcliffe,et al. A Taxonomy of Error Types for Failure Analysis and Risk Assessment , 1998, Int. J. Hum. Comput. Interact..

[2] P Carayon,et al. Work organization and ergonomics. , 2000, Applied ergonomics.

[3] Gavriel Salvendy,et al. A Task Analysis of Usability in Third-Party Authentication , 2000 .

[4] Thomas A. Longstaff,et al. A common language for computer security incidents , 1998 .

[5] B. Alberts. Cybersecurity Today and Tomorrow: Pay Now or Pay Later , 2002 .

[6] Pascale C. Sainfort,et al. A balance theory of job design for stress reduction , 1989 .

[7] James T. Reason,et al. Managing the risks of organizational accidents , 1997 .

[8] J. Shaoul. Human Error , 1973, Nature.

[9] M. Angela Sasse,et al. Users are not the enemy , 1999, CACM.

[10] J. D. Tygar,et al. Usability of Security: A Case Study, , 1998 .

[11] R. Power. CSI/FBI computer crime and security survey , 2001 .

[12] Tjerk W. van der Schaaf. Chapter 6 – DEVELOPMENT OF A NEAR MISS MANAGEMENT SYSTEM AT A CHEMICAL PROCESS PLANT , 1991 .

[13] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[14] Martin P. Loeb,et al. CSI/FBI Computer Crime and Security Survey , 2004 .