Taxonomies of information security threats usually distinguish between accidental and intentional sources of system risk. Security reports have paid a great deal of attention in recent years to the growing problem of hacking and intentional abuse. The prevalence of these reports suggests that hacking has become a more severe problem in relation to other security threats, such as human error. In this paper, we report on research that addresses this question: "How have changes over time in the frequency of hacking and other intentional forms of security threats affected the validity of information systems risk management taxonomies?" We replicate a simple study of the proportions of categories of security threats that was originally completed in 1993. Comparing the results from the replicated study with the results from the original study, we find that the proportions of threat categories have, in contradiction with the popular perception, remained relatively stable over the past decade. These results indicate that human error remains a significant and poorly recognized issue for information systems security. We propose and validate an elaborated taxonomy of information security threats that provides additional insight into human error as a significant source of security risk.