Educause Security Discussion mailing list archives

Re: Security Incidents due to user error

From: "Penn, Blake" <pennb () UWW EDU>
Date: Tue, 30 Jan 2007 10:55:16 -0600

I've heard 80% before - but again, that's just anecdotal.  Dr.
Baskerville at Georgia State has done some research on this topic (it's
more focused on categorizing this threat than on statistics per se).
Here is one of his papers that is available for free on the ACM web
site:

A longitudinal study of information system threat categories: the
enduring problem of human error

ACM SIGMIS Database archive
Volume 36 ,  Issue 4  (Fall 2005) 
Pages: 68 - 79  
Year of Publication: 2005
ISSN:0095-0033

___________________________________________
Blake Penn, CISSP                             
Information Security Officer          
University of Wisconsin-Whitewater
(p) 262-472-7792 (f) 262-472-1285
pennb () uww edu | http://www.uww.edu/security

-----Original Message-----
From: Anthony Maszeroski [mailto:maszeroskia3 () SCRANTON EDU] 
Sent: Tuesday, January 30, 2007 10:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Security Incidents due to user error

I'm looking for a figure for the approximate percentage of security
incidents attributed to user/human error. I know I've read some
statistics before, but I can't seem to locate them now. Does anyone have
a pointer to this information?

--
- Anthony Maszeroski
-----------------------------------
Network Security Specialist
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226
-----------------------------------

Current thread:

Security Incidents due to user error Anthony Maszeroski (Jan 30)
- <Possible follow-ups>
- Re: Security Incidents due to user error Penn, Blake (Jan 30)
- Re: Security Incidents due to user error Dodge, Adam (Jan 30)
- Re: Security Incidents due to user error Gary Flynn (Jan 30)
- Re: Security Incidents due to user error Melissa Guenther (Jan 30)