Educause Security Discussion mailing list archives
Looking for Examples of Security Vulnerabilities Caused by End-users (reminder)
From: Eric Case <eric () ERICCASE COM>
Date: Mon, 6 Sep 2010 18:15:50 -0700
Just a reminder, the University of Arizona MIS department is looking for examples of security vulnerabilities caused by users. A researcher I know at the University of Arizona MIS department is working on a Delphi Study to create an instrument to gauge security behavior from an end-user perspective. This is part of a larger project to test the influence of different security controls and policies on end-user cognitive effort and security behavior. They assume this is a "normal" end-user, not IT staff, without malicious intent and security vulnerabilities are caused by negligence to or ignorance of security best practices/policies. Their hope is that organizations can use this instrument as a standardized measurement to gauge end-user security behavior. Their short survey of two main questions, what examples of end-user caused security vulnerabilities have you seen and what names would you use to categorize them, is at http://atrial.qualtrics.com/SE/?SID=SV_3C1uTD0YJ7izb0M. Examples might be, filling passwords in the rolodex under P, emailing sensitive info without encrypting it, reinstalling the OS on their workstation so they have admin access, etc. Please take a few minutes to share your experience with them. -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase (520) 344-CISO (2476)
Attachment:
smime.p7s
Description:
Current thread:
- Looking for Examples of Security Vulnerabilities Caused by End-users (reminder) Eric Case (Sep 06)