Importance of Human Error Taxonomy for Unintentional Insider Threat

  • Setyawan Widyarto
  • Syahirah Mohd Nor
  • Wan Basri Wan Ismail
Keywords: unintentional insider threat, human error, information security, human error factors

Abstract

The organization has developed an information security program to guide users in handling their data and systems. However, human errors remain a major challenge to information security. This research aims to explore the human error taxonomy, which is closely linked to human error activities and factors that pose a high risk of information leakage in organizations. To study the activities and factors that contribute to human errors, a systematic literature review was conducted to outline the human errors that impact an organization's information security culture. The paper has utilized the human error taxonomy guidance to identify and classify human error activities with their contributing factors. This approach will assist employees and organizations in understanding the importance of human error taxonomy to prevent unintentional insider threats and enhance their information security measures. The identification and classification of human error activities and factors will provide valuable insights to improve the effectiveness of an organization's information security program.

References

[1] F. L. Greitzer et al., “Unintentional insider threat: Contributing factors, observables, and mitigation strategies,” in Proceedings of the Annual Hawaii International Conference on System Sciences, 2014, doi: 10.1109/HICSS.2014.256.
[2] A. Shabtai, Y. Elovici, and L. Rokach, “A survey of data leakage detection and prevention solutions,” in SpringerBriefs in Computer Science, 2012.
[3] C. Boulton, “Humans are (still) the weakest cybersecurity link,” Cio.Com, 2017. .
[4] X. Shu, J. Zhang, D. Yao, S. Member, and W.-C. Feng, “Fast Detection of Transformed Data Leaks,” Ieee Trans. Inf. Forensics Secur., vol. 11, no. 3, pp. 528–542, 2016, doi: 10.1109/TIFS.2015.2503271.
[5] F. L. Greitzer, J. R. Strozer, S. Cohen, A. P. Moore, D. Mundie, and J. Cowley, “Analysis of unintentional insider threats deriving from social engineering exploits,” Proc. - IEEE Symp. Secur. Priv., vol. 2014-Janua, pp. 236–250, 2014, doi: 10.1109/SPW.2014.39.
[6] D. Miyamoto and T. Takahashi, “Toward automated reduction of human errors based on cognitive analysis,” in Proceedings - 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2013, 2013, pp. 820–825, doi: 10.1109/IMIS.2013.147.
[7] P. S. Ganguly, “Human error Vs . Work place Management in modern organizations,” Int. J. Res. Manag. Technol., vol. 1, no. 1, pp. 13–17, 2011.
[8] T. Dybå, B. A. Kitchenham, and M. Jorgensen, “Evidence-based software engineering for practitioners,” IEEE Softw., 2005, doi: 10.1109/MS.2005.6.
[9] J. T. Selvik and L. J. Bellamy, “Addressing human error when collecting failure cause information in the oil and gas industry: A review of ISO 14224:2016,” Reliab. Eng. Syst. Saf., no. January, 2019, doi: 10.1016/j.ress.2019.03.025.
[10] V. Anu et al., “Development of a human error taxonomy for software requirements: A systematic literature review,” Inf. Softw. Technol., vol. 103, no. June, pp. 112–124, 2018, doi: 10.1016/j.infsof.2018.06.011.
[11] J. Reason, “Review. Human error.,” Hum. error., 1990.
Published
2023-04-19
How to Cite
Widyarto, S., Mohd Nor, S., & Wan Ismail, W. B. (2023). Importance of Human Error Taxonomy for Unintentional Insider Threat. Selangor Science & Technology Review (SeSTeR), 7(1), 45-51. Retrieved from https://sester.journals.unisel.edu.my/ojs/index.php/sester/article/view/319