CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Information System Security Threats and Vulnerabilities: Evaluating the Human Factor in Data Protection

by Omar Safianu, Frimpong Twum, J. B. Hayfron-Acquah
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 143 - Number 5
Year of Publication: 2016
Authors: Omar Safianu, Frimpong Twum, J. B. Hayfron-Acquah
10.5120/ijca2016910160

Omar Safianu, Frimpong Twum, J. B. Hayfron-Acquah . Information System Security Threats and Vulnerabilities: Evaluating the Human Factor in Data Protection. International Journal of Computer Applications. 143, 5 ( Jun 2016), 8-14. DOI=10.5120/ijca2016910160

@article{ 10.5120/ijca2016910160,
author = { Omar Safianu, Frimpong Twum, J. B. Hayfron-Acquah },
title = { Information System Security Threats and Vulnerabilities: Evaluating the Human Factor in Data Protection },
journal = { International Journal of Computer Applications },
issue_date = { Jun 2016 },
volume = { 143 },
number = { 5 },
month = { Jun },
year = { 2016 },
issn = { 0975-8887 },
pages = { 8-14 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume143/number5/25071-2016910160/ },
doi = { 10.5120/ijca2016910160 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:45:30.815508+05:30
%A Omar Safianu
%A Frimpong Twum
%A J. B. Hayfron-Acquah
%T Information System Security Threats and Vulnerabilities: Evaluating the Human Factor in Data Protection
%J International Journal of Computer Applications
%@ 0975-8887
%V 143
%N 5
%P 8-14
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Researches in information security have all these while been concerned only with technical problems and efforts to improve information security have been software-centered or hardware-oriented. There have been limited attempts in addressing the people who use the computers though they are the greatest loophole in information systems security. This paper examines and addresses the threats end-users pose to systems security. Regardless of the countlessly introduced technological solutions aimed at addressing system vulnerabilities, the human factor is still of greater threat to systems security. The study draws its data from a survey conducted on people who frequently use information systems. Professional and technical inputs were also solicited from IT personnel through interviews. Four experiments were conducted to test the accuracy of the survey. A phony phish system was developed to test respondents’ information security consciousness. The goal of the phony phish system was to send phishing emails that can be used to measure the accuracy of the survey. The rest of the experiments were SQL injection, cross site scripting and brute force attack. The results from the study revealed that, the numerous technical advances in information technology do not always produce more secure environments. Thus, information security cannot be described as solely a technical problem. Computers are operated by people and this means that information security is also a human factor issue. It is therefore suggested, for information and data breaches to be curbed, organizations must adopt a holistic security framework, incorporating the human factor.

References
  1. Kruger, H.A. and Kearney, W.D. (2006). A prototype for assessing information security awareness. Computers and Security, 25, 289-296
  2. James, A. K., Barton P. M., Eduardo, C. and Elisa, H. (2009) “First principles vulnerability assessment,” (http://research.cs.wisc.edu/mist/VA.pdf), (accessed 2014 February 21)
  3. Philip S. A., Robert H. A., Richard M., and Michael S. (2003)The vulnerability assessment and mitigation methodology. Santa Monica: RAND.
  4. Moore, H. D. (2007). Exploiting Vulnerabilities. Presentation Slide, Secure Application Development (Secappdev.org)
  5. Lesia, L. C and McCauley-Bell, P. R (2007). The human factors issues in information security: What are they and do they matter? In Proceedings of the Human Factors and Ergonomics Society, pages 439–443.
  6. Smith, R. D. (2004) Public servers vulnerability assessment report. Swansea: SANS Institute
  7. Silver, P. (2013) Vulnerability assessment with application security. WA : F5 Networks, Inc.
  8. Anita, G., Kavita, K. and Kirandeep, K. (2013) Vulnerability assessment and penetration testing. International Journal of Engineering Trends and Technology 4 (13).
  9. Matsui, M. (1994) Linear cryptanalysis method or DES cipher. Advances in Cryptology-EUROCRYPT ’93, pp 386-397
  10. Elbaz, L. and Bar-El, H. (2000). Strength assessment of encryption algorithms. Tokyo: Discretix Technologies Ltd.
  11. Bogdanov, A., Khovratovich, D., and Rechbereger, C. (2011) Biclique Cryptanalysis of the full AES. http://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
  12. Shulman, A. (2006). Top ten database security threats. Foster City, CA: Imperva Inc.
  13. Kashefi, I., Kassiri, M., and Shahidinijad, A. (2013) A survey of on security issues in firewall: a new approach for classifying fire wall vulnerabilieties. Internationla Journal of Engineering Researh and Applications (IJERA) 3 (2). pp. 585-591
  14. Stoneburner, G., Goguen, A., and Feringa, A. (2002).  Risk Management Guide for  Information Technology Systems – Recommendation of the National Instituteof Standard and Technology (Special Publications).National Institute of Standard and Technology (NIST).
  15. OWASP Organization. (2013). “The Open Web Applications Security Project,” (https://www.owasp.org/index.php/Category), (accessed on April 3, 2014)
  16. Kaspersky Lab. (2013). “Software vulnerabilities,” (http://www.securelist.com/en/threats/vulnerabilities?chapter=35), (accessed on June 20, 2014)
Index Terms

Computer Science
Information Sciences

Keywords

Database misconfiguration Insider threat Login attempts Personal security policy privacy settings

Powered by PhDFocusTM