Towards minimising human factor in end-user information security

Abstract

Today there are many hardware and software solutions to enhance information security, but there is limited research regarding the human factor in information security. Research has revealed that the application of information security technologies alone does not always result in improved security. Human factors immensely contribute to the security of information systems. This research study therefore addresses the missing link in information security, that is, the end-user working with the information system. In this study, a survey was carried out in two state universities in order to establish the human factors that compromise information security. The major factors established were divided into four categories namely, Social Engineering, Carelessness, bad Password behavior and Security training. Failure to refer to Information Technology (IT) policy and lack of information security training were major drivers in compromising information security. Findings from the survey were used to design a model aimed at reducing human factors in information security, called the Human Factors Collaboration Reinforcement model. Since this proposed model is based on collaborative monitoring of security policy violation, an information security policy was consequently designed, so as to facilitate the implementation of the model.