Search results

1 – 2 of 2
Article
Publication date: 3 June 2019

Mark Glenn Evans, Ying He, Iryna Yevseyeva and Helge Janicke


Abstract

Purpose

This paper aims to provide an understanding of the proportions of incidents that relate to human error. The information security field experiences a continuous stream of information security incidents and breaches, which are publicised by the media, public bodies and regulators. Despite the need for information security practices being recognised and in existence for some time, the underlying general information security affecting tasks and causes of these incidents and breaches are not consistently understood, particularly with regard to human error.

Design/methodology/approach

This paper analyses recent published incidents and breaches to establish the proportions of human error and where possible subsequently uses the HEART (human error assessment and reduction technique) human reliability analysis technique, which is established within the safety field.

Findings

This analysis provides an understanding of the proportions of incidents and breaches that relate to human error, as well as the common types of tasks that result in these incidents and breaches through adoption of methods applied within the safety field.

Originality/value

This research provides original contribution to knowledge through the analysis of recent public sector information security incidents and breaches to understand the proportions that relate to human error.

Details

Information & Computer Security, vol. 27 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 2 March 2023

Giddeon Njamngang Angafor, Iryna Yevseyeva and Leandros Maglaras


Abstract

Purpose

This paper aims to discuss the experiences designing and conducting an experiential learning virtual incident response tabletop exercise (VIRTTX) to review a business's security posture as it adapts to remote working because of the Coronavirus 2019 (COVID-19). The pandemic forced businesses to move operations from offices to remote working. Given that this happened quickly for many, some firms had little time to factor in appropriate cyber-hygiene and incident prevention measures, thereby exposing themselves to vulnerabilities such as phishing and other scams.

Design/methodology/approach

The exercise was designed and facilitated through Microsoft Teams. The approach used included a literature review and an experiential learning method that used scenario-based, active pedagogical strategies such as case studies, simulations, role-playing and discussion-focused techniques to develop and evaluate processes and procedures used in preventing, detecting, mitigating, responding and recovering from cyber incidents.

Findings

The exercise highlighted the value of using scenario-based exercises in cyber security training. It elaborated that scenario-based incident response (IR) exercises are beneficial because well-crafted and well-executed exercises raise cyber security awareness among managers and IT professionals. Such activities with integrated operational and decision-making components enable businesses to evaluate IR and disaster recovery (DR) procedures, including communication flows, to improve decision-making at strategic levels and enhance the technical skills of cyber security personnel.

Practical implications

It maintained that the primary implication for practice is that they enhance security awareness through practical experiential, hands-on exercises such as this VIRTTX. These exercises bring together staff from across a business to evaluate existing IR/DR processes to determine if they are fit for purpose, establish existing gaps and identify strategies to prevent future threats, including during challenging circumstances such as the COVID-19 outbreak. Furthermore, the use of TTXs or TTEs for scenario-based incident response exercises was extremely useful for cyber security practice because well-crafted and well-executed exercises have been found to serve as valuable and effective tools for raising cyber security awareness among senior leadership, managers and IT professionals (Ulmanová, 2020).

Originality/value

This paper underlines the importance of practical, scenario-based cyber-IR training and reports on the experience of conducting a virtual IR/DR tabletop exercise within a large organisation.
