Educause Security Discussion mailing list archives

Looking for Examples of Security Vulnerabilities Caused by End-users (reminder)


From: Eric Case <eric () ERICCASE COM>
Date: Mon, 6 Sep 2010 18:15:50 -0700

Just a reminder, the University of Arizona MIS department is looking for
examples of security vulnerabilities caused by users.

A researcher I know at the University of Arizona MIS department is working
on a Delphi Study to create an instrument to gauge security behavior from an
end-user perspective.  This is part of a larger project to test the
influence of different security controls and policies on end-user cognitive
effort and security behavior.  They assume this is a "normal" end-user, not
IT staff, without malicious intent, and that security vulnerabilities are
caused by negligence toward or ignorance of security best practices/policies.  Their
hope is that organizations can use this instrument as a standardized
measurement to gauge end-user security behavior.


Their short survey of two main questions, what examples of end-user caused
security vulnerabilities have you seen and what names would you use to
categorize them, is at
http://atrial.qualtrics.com/SE/?SID=SV_3C1uTD0YJ7izb0M.  Examples might be,
filing passwords in the rolodex under P, emailing sensitive info without
encrypting it, reinstalling the OS on their workstation so they have admin
access, etc.  Please take a few minutes to share your experience with them.


-Eric

Eric Case, CISSP

eric (at) ericcase (dot) com

http://www.linkedin.com/in/ericcase

(520) 344-CISO (2476)