Human Dimension of Information Security: Autopsy of a Data Breach
Verified
Added on 2023/06/07
|4
|789
|310
AI Summary
This article discusses the human dimension of information security and how it contributes to data breaches. It uses the Target data breach as a case study to illustrate how human factors can lead to cybersecurity issues.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Cybersecurity- Autopsy of a data breach Name Institution Professor Course Date
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Human dimension of information security Information system security has become one of the fundamental security concern in technology error. Most of the cybersecurity issues are caused by human inability to act accordingly (Johnston & Warkentin, 2010). Human aspect in information security builds the subjectof discussion on howhuman factor mightbe a majorloophole in fight against cybersecurity. It is a reality human have had a great contribution to cybersecurity by failing to adhere to required security measures. Data collection and storage by any organization should be stored securely and in a secure manner. According to Prasadet al.(2011), confidentiality of data must be guaranteed by any firm purporting to collect sensitive data for business use. In this case, organization fail to meet the principle of confidentiality by not storing data while encrypted. Encryption makes it difficult to make use of data even after hackers gain access to data storage. Similarly, failure by organizations to put in place both authentication and authorization measures makes data vulnerable (Chandler, 2012). Authentication is used by organization to determine who has access to systems and data storage devices. On the other hand, authorization gives privileges to authenticated system user to manipulate data. In regard to data collection, storage and access principles, human factor has been rated as one of the most cybersecurity concern causing data breaches. Most of the data breaches that have been reported shows cybersecurity experts, novice system users and organizational management reluctant in enforcing information system security measures (Proctor & Zandt, 2018). It is generally acceptable that, minimizing human factor in cybersecurity can result to reduced data breaches. Human dimension on Target case data breach It is definite that human dimension contributed greatly to Target data breach. At first instance, through use of automated penetration detection system, Targets security experts were
able to receive alerts but did not take necessary measures to determine their originality. Alerts were usually made to serve as a signal to Target’s experts on possibility of unauthenticated system penetration (Budzak, 2016). Despite system generating alert signals prior to first instance of data importation, experts decided to ignore such important signals. Additionally, Target experts went ahead to put off alert generation since they did not have trust on them. Deactivating alerts and ignoring any system alert shows a blatant experts idea to disregard indicators of possible system penetration. Further, observable human aspect that contributed to Target data breach was use of direct channel between its Point of Sale (PoS) networks to the HVAC firm Fazio Mechanical services. Through use of organizational trusted trading partner, hackers used phishing to get a single response from Target network. The last factor that contributed to Target data breach was failure by experts from warning novice users’ against responding to untrusted emails. All these human factors gives enough proof of reluctant in preventing any form of data breach. To enhance data privacy and confidentiality, Target firm should have implemented data security measures such as; access control mechanisms, identification and classification of system users in terms of threat control and training of users (Makridis & Dean, 2017). References Budzak, D. (2016).Information security–The people issue. Business Information Review, 33(2), 85-89. Chandler, D. (2012).Resilience and human security: The post-interventionist paradigm. Security dialogue, 43(3), 213-229. Johnston, A. C., & Warkentin, M. (2010).Fear appeals and information security behaviors: an empirical study. MIS quarterly, 549-566.
Makridis, C. A., & Dean, B. (2017).The Economic Effects of Cyber Security Failures on Firms: Evidence from Publicly Reported Data Breaches. Prasad, P., Ojha, B., Shahi, R. R., Lal, R., Vaish, A., & Goel, U. (2011).3 dimensional security in cloud computing. In Computer Research and Development (ICCRD), 2011 3rd International Conference on (Vol. 3, pp. 198-201). IEEE. Proctor, R. W., & Van Zandt, T. (2018).Human factors in simple and complex systems. CRC press.