<abstract xmlns="http://www.w3.org/1999/xhtml">

<p>With increasing technical safeguards to protect information systems, Human error continues to be a critical factor contributing to the rise in information systems attacks and data breaches. Inadequate or unenforceable Cybersecurity policies or training can open doors for adversaries to circumvent technical safeguards and paint a picture of a growing cybersecurity problem. The problem investigated in this work assesses if organizations adequately invest in resources to provide industry-aligned cybersecurity education, training, and awareness that can minimize human error leading to cyber-attacks. This work aims to investigate breaches attributed to human errors and compare cybersecurity policies, education, training, and awareness programs in three different schools in New York State. The work focused on user awareness and vulnerable behaviours, effective training for users, and investigating start-of-the-art approaches to gauge or evaluate the organization’s cybersecurity stance when compared to industry frameworks like the NIST framework. A Triangulation research approach including quantitative, qualitative, and descriptive methods are adopted for this work. Instruments for data collection include a survey, literature review, qualitative analysis to identify research gaps, and assessments of the questionnaires. This work demonstrates that formulated enforced cybersecurity policies coupled with targeted security education, training, and awareness are instrumental to decreasing user errors, thereby reducing the probability of a cyber-attack.</p>
</abstract>

With increasing technical safeguards to protect information systems, Human error continues to be a critical factor contributing to the rise in information systems attacks and data breaches. Inadequate or unenforceable Cybersecurity policies or training can open doors for adversaries to circumvent technical safeguards and paint a picture of a growing cybersecurity problem. The problem investigated in this work assesses if organizations adequately invest in resources to provide industry-aligned cybersecurity education, training, and awareness that can minimize human error leading to cyber-attacks. This work aims to investigate breaches attributed to human errors and compare cybersecurity policies, education, training, and awareness programs in three different schools in New York State. The work focused on user awareness and vulnerable behaviours, effective training for users, and investigating start-of-the-art approaches to gauge or evaluate the organization’s cybersecurity stance when compared to industry frameworks like the NIST framework. A Triangulation research approach including quantitative, qualitative, and descriptive methods are adopted for this work. Instruments for data collection include a survey, literature review, qualitative analysis to identify research gaps, and assessments of the questionnaires. This work demonstrates that formulated enforced cybersecurity policies coupled with targeted security education, training, and awareness are instrumental to decreasing user errors, thereby reducing the probability of a cyber-attack.

Human Error - A Critical Contributing Factor to the Rise in Data Breaches: A Case Study of Higher Education

University at Albany, State University of New York

HOLISTICA – Journal of Business and Public Administration

This work is licensed under the Creative Commons Attribution 4.0 International License.

With increasing technical safeguards to protect information systems, Human error continues to be a critical factor contributing to the rise in information...

Human Error - A Critical Contributing Factor to the Rise in Data Breaches: A Case Study of Higher Education

Online veröffentlicht: 23. Juni 2023

Seitenbereich: 110 - 132

Eingereicht: 01. Dez. 2022

Akzeptiert: 01. Apr. 2023

DOI: https://doi.org/10.2478/hjbpa-2023-0007

Schlüsselwörter
Human Error, Security, Policies, Training, Attacks

© 2023 Katherine Amoresano et al., published by Sciendo

This work is licensed under the Creative Commons Attribution 4.0 International License.

Human Error - A Critical Contributing Factor to the Rise in Data Breaches: A Case Study of Higher Education

Online veröffentlicht: 23. Juni 2023

Seitenbereich: 110 - 132

Eingereicht: 01. Dez. 2022

Akzeptiert: 01. Apr. 2023

DOI: https://doi.org/10.2478/hjbpa-2023-0007

SchlüsselwörterHuman Error, Security, Policies, Training, Attacks

© 2023 Katherine Amoresano et al., published by Sciendo

This work is licensed under the Creative Commons Attribution 4.0 International License.

Schlüsselwörter
Human Error, Security, Policies, Training, Attacks