Real-Time Information Security Incident Management: A Case Study Using the IS-CHEC Technique

Information security recognised the human as the weakest link. Despite numerous international or sector-specific standards and frameworks, the information security community has not yet adopted formal mechanisms to manage human errors that cause information security breaches. Such techniques have been however established within the safety field where human reliability analysis (HRA) techniques are widely applied. In previous work we developed Information Security Core Human Error Causes (IS-CHEC) to fill this gap. This case study presents empirical research that uses IS-CHEC over a 12 month period within two participating public and private sector organisations in order to observe and understand how the implementation of the IS-CHEC information security HRA technique affected the respective organisations. The application of the IS-CHEC technique enabled the proportions of human error related information security incidents to be understood as well as the underlying causes of these incidents. The study captured the details of the incidents in terms of the most common underlying causes, selection of remedial and preventative measures, volumes of reported information security incidents, proportions of human error, common tasks undertaken at the time the incident occurred, as well as the perceptions of key individuals within the participating organisations through semi-structured interviews. The study confirmed in both cases that the vast majority of reported information security incidents relate to human error, and although the volumes of human error related incidents pertaining to both participating organisations fluctuated over the 12 month period, the proportions of human error remained consistently as the majority root cause.