Deborah Sater Carstens

Evaluation of the human impact of password authentication practices on information security

Introduction The increase in computing and networking expansion as well as increases in threats have enhanced the need to perpetually manage information security within an organization. Although there is literature addressing the human side of information security, events such as 9/11 and the war on terrorism has created more of a burden for organizations, government and private industry, enhancing the need for more research in information security. Carnegie Mellons Computer Emergency Response Team (2004) has collected statistics showing that 6 security incidents were reported in 1988 compared to 137,529 in 2003. A survey by the Federal Bureau of Investigation (FBI) suggested that 40% of organizations surveyed claimed that system penetrations from outside their organization have increased from the prior year by 25% (Ives, Walsh, & Schneider, 2004). The U.S. Department of Homeland Security (2002) is concerned with the need for information security measures. Therefore, the Federal Information Security Management Act of 2002 was put into place for the purposes of protecting information and systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability of information. The government has an information security responsibility ranging from protecting intelligence information to issuing social security numbers for each citizen. Private industry must also be concerned with information security as it is vital for the livelihood of any company to protect customers personal information along with the management of each companys supply chain (Olivia, 2003). Earlier research identified the presence of human error risks to the security of information systems (Wood & Banks 1993, Courtney as cited in NIST, 1992). A survey conducted by one of the authors, identified password issues as the second most likely human error risk factor to impact an information system. The significance of this is enhanced when realizing that passwords are the primary source of user authentication for the majority of personal and private information systems. The past research findings of password issues as a human error risk factor has been further identified as a threat to security by the University of Findlay Center for Terrorism Preparedness (2003), who developed a vulnerability assessment methodology to better help organizations identify their weaknesses in terms of information security. Extensive password requirements can overload human memory capabilities as the number of passwords and their complexity level increases. The exponential growth in security incidents (Carnegie Mellon Computer Emergency Response Team, 2004) requires a comprehensive approach to the development of password guidelines which do not exceed human memory limitations yet maintain strength of passwords as necessitated by the information technology (IT) community. The IT community consists of network administrators or security officers who are directly responsible for information security in terms of integrity, confidentiality, and availability of information. In earlier investigations, over 50% of incidents that occur within government and private organizations have been connected to human errors (NIST, 1992). The impact of human error on information security is an important issue that left unresolved can have adverse affects on industry. This research is focused on measuring the impact of password demands as a means of authentication and mitigating the risks that result when these demands exceed human capabilities. Literature Review Information Security Information security involves making information accessible to those who need the information, while maintaining integrity and confidentiality. The three categories that are used to classify information security risks are confidentiality, integrity, and accessibility or availability of information (U. …

Error analysis leading technology development

The aim of the research was to provide a valid theoretical frame consisting of both task and error analyses methods to analyse elder patients’ clinical pathway within a healthcare system. The research study consisted of (a) utilizing a task analysis method to identify the process workflow affiliated with elder patients transitioning through different continuums of care to receive medical treatment; (b) utilizing an error analysis method to identify opportunities for improvement in the workflow that enhances both patient safety and healthcare worker efficiency and; (c) developing an ideal process workflow that incorporates the recommendations for improvement. The study findings contribute towards a larger research effort being proposed consisting of the development and implementation of a shared web-based patient community information system enabling hospitals and nursing homes to share patient information resulting in increased knowledge of a patients medical history, decreased errors and enhanced patient safety.

Development of a Model for Determining the Impact of Password Authentication Practices on Information Security

This research focuses on the development of a model for evaluating the human impact that password authentication issues are having on the security of information systems. Through observational analysis, organizational policy, and retrospective analysis, researchers created a model for predicting the vulnerability that a particular set of conditions will have on the likelihood of error in an information system. The methodology for the experiment and analysis of the results are presented. The findings indicate that human error associated with password authentication can be significantly reduced through the use of passwords which are comprised of meaningful data for the user and which meet the information technology community requirement for strength of password. The details of this study are provided as well as the human factors implications in information security.

Task and error analysis balancing benefits over business of electronic medical records

Task and error analysis research was performed to identify: a) the process for healthcare organisations in managing healthcare for patients with mental illness or substance abuse; b) how the process can be enhanced and; c) if electronic medical records (EMRs) have a role in this process from a business and safety perspective. The research question is if EMRs have a role in enhancing the healthcare for patients with mental illness or substance abuse. A discussion on the business of EMRs is addressed to understand the balancing act between the safety and business aspects of an EMR.

A Usability Model for Government Web Sites

A usability model is proposed for developers of government Web sites. The model is based on the findings of a study to identify potential usability barriers of state government Web sites when accessing information on government accountability. The model was then applied during a heuristic evaluation of fifty government Web sites. The model is based on four core usability components consisting of readability, reading complexity, navigation and supportability. The model is discussed in terms of its practical application for improving state government Web sites for the purposes of enhancing the usefulness and ease of use in navigating state government Web sites.