| Problems associated with information security have generally focused on breaches by malicious hackers. However, research findings have identified human error as the primary factor in information security incidents (McCauley-Bell and Crumpton, 1998). In fact, findings of a report by the National Institute of Standards and Technology (NIST) revealed 65% of the incidents occurring within the government and private organizations are the result of human errors.; Presently, there are no classification schemes and/or tools to adequately classify the types of errors committed and assess the effect of human errors in information security. Thus, the goals of this research are to develop a scheme for classifying human errors in information security systems, determine the impact of human errors in information security, identity a tool to predict human error in information security systems and formulate a plan to mitigate the effects of human error. A real world application will be identified to investigate human error in information security, for example, the banking industry, military operations, health center, automotive or retail industries.; Findings of this research suggest that an effective classification scheme permits various types of human error to be classified by identifying causes/effects of their origin. Also, assessing the probability of human error for various types of mistakes can be a valuable asset in preventing human errors in information security because of its predictive value. |
