Literature Review
Antti Ollila 24.2.2016
KOG520
University of Jyväskylä
• Computers…
◦ …are logical
◦ …are bad at making informed decisions
◦ …do not make mistakes
◦ …are designed, operated, built and maintained…
◦ …by humans
(Saariluoma 2013, TJTA103 opening lecture)

• Humans can be…
◦ …unskilled
◦ …taking unnecessary risks
◦ …careless
◦ …tired, sick, etc.
• Humans are needed to make technology work
(Saariluoma 2013, TJTA103 opening lecture)

• Happens everywhere
◦ and all the time
• Email to wrong recipient
• Cashier giving too much change
• More complexity, bigger impact
◦ UK: disclosed personal information on 25m citizens
◦ Italy: Costa Concordia
◦ Finland: Nokia Water Crisis

• 3rd most significant threat in 2003 (Whitman)
• 46% of cyber security incidents in UK 2011-2012 (Lee)
• Weakest link in the cyber security chain
Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM, 46(8), 91-95.
Lee, M. G. (2012, October). Securing the human to protect the system: Human factors in cyber security. In System Safety, incorporating the Cyber Security Conference 2012, 7th IET International Conference on (pp. 1-5). IET.

• Google Scholar, IEEE Xplore, ScienceDirect
◦ "Cyber Security Human Error"
◦ "Cyber Security Human Factor"
◦ "Usable Security"
◦ "Cyber Security Usability"
◦ Years 2010-2016
• Forward searching from articles found or read before

• Toward Automated Reduction of Human Errors based on Cognitive Analysis (Miyamoto, D. & Takahashi, T. 2013)
• Securing the Human to Protect the System: Human Factors in Cyber Security (Lee, M.G. 2012)
• Measuring the Human Factor of Cyber Security (Bowen et al. 2011)
• Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness (Akhawe, D. & Felt, A. P. 2013)
• Guidelines for Usable Cybersecurity: Past and Present (Nurse et al. 2011)

• Framework to gather data to understand human error
• Less biased than questionnaires
• Cognitive psychology
◦ Monitor eye movement and facial skin temperature when performing tasks

• Well-Meaning Insider
◦ slips
◦ lapses
◦ mistakes
• Malicious Insider
◦ violations
• Malicious Outsider
• 46% by well-meaning insiders, 17% violations

• Training system to prevent phishing
• Generates phishing emails and tracks the success rate
• In test group (2000 university students and staff) no successful phishing attempts after 4 iterations

• Study on browser warning messages
• Sample of ~25m interactions
• Malware warnings
◦ 7.2% Firefox, 23.2% Chrome
• Good design can increase security

• Overly complex security systems might lead to weakened security
• 19 design guidelines for better usability
• Usability and security do not have to be seen as competing system goals

• Security is rarely the primary task
• Not everyone is a security specialist
◦ And even the experts make errors
• Human error is a significant threat to information security...
• ...but it can be mitigated to some extent by design and training

• "Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems"
- Kevin Mitnick

Human Error in Cyber Security
