Abstract

The objective of the research was to establish data relating to the underlying causes of human error, which is the most common cause of information security incidents within a private sector healthcare organization. A survey questionnaire was designed to proactively apply the IS-CHEC information security human reliability analysis (HRA) technique. The IS-CHEC technique questionnaire identified the most likely core human error causes that could result in incidents, their likelihood, the most likely tasks that could be affected, suggested remedial and preventative measures, and the systems or processes that would be likely to be affected by human error, and established the levels of risk exposure. The survey was operational from 15th November 2018 to 15th December 2018. It achieved a response rate of 65%, which equated to 485 of 749 people targeted by the research. The research found that, in the case of this particular participating organization, the application of the IS-CHEC technique through a questionnaire added beneficial value as an enhancement to a standard approach of holistic risk assessment. The research confirmed that IS-CHEC in questionnaire form can be successfully applied within a private sector healthcare organization and also that a distributed approach for information security human error assessment can be successfully undertaken in order to add beneficial value. The results of this paper indicate, from the questionnaire responses supplied by employees, that organizational focus on its people and their working environment can improve information security posture and reduce the likelihood of associated information security incidents through a reduction in human error.

Highlights

  • It is acknowledged that people play a crucial role in the security of information [1], which is the lifeblood of a company [2], and this is not just an IT problem [2]–[4]

  • The research has found that, in the case of this particular case study and associated participating organization, where it had already been established that human error accounted for the vast majority of reported information security incidents, the proactive use of the Information Security Core Human Error Causes (IS-CHEC) technique through a questionnaire added beneficial value as an enhancement to the standard approach of holistic risk assessment performed as part of compliance initiatives in conjunction with standards such as ISO27001 [52]

  • In conclusion, the research has confirmed that IS-CHEC in questionnaire form was successfully applied within a participating private sector healthcare organization with a focus on information security

Summary

Introduction

It is acknowledged that people play a crucial role in the security of information [1], which is the lifeblood of a company [2], and this is not just an IT problem [2]–[4]. The associate editor coordinating the review of this manuscript and approving it for publication was Zheng Yan. An earlier dataset relating to 2005 suggested that human error was the largest category at 42%. Contrary to these figures, Lacey [10] stated that the majority of security incidents are caused by human factors, and his research presented that almost 90% of workplace accidents are caused by human failure. Hals [11] stated that human error is the primary causal factor in 70%-80% of accidents in the oil and gas industry, suggesting that the information security community could learn from the safety field, which is more established in this area [12]–[15].
