Evaluating the human factor in Information Security

Abstract

Despite the vast research in Information Security, the human factor has been found to lack interest from the research community, with most security research giving focus on the technological component of an Information Technology system. Regardless of any introduced technological solutions, the human factor is still subject to attacks and thus, in need of auditing and addressing any existing vulnerabilities. This research evaluates the human factor by the creation of a survey which examines five distinct user properties. Each of these properties comprise a series of questions, which with their turn assist on confirmation or refutation of five hypotheses. The survey was conducted on two higher academic institutions and distributed to all members of staff who have access on electronic information. Results have shown that the human factor has a significant role in Information Security; it is confirmed that users’ behaviour is linked to technology interaction, data importance perception and security oriented education. Furthermore, there is evidence that users who are non vulnerable to various types of attacks, are not necessarily invulnerable to social engineering attacks.