Towards Minimizing Human Factors In End-User Information Security

Today, many hardware and software solutions are available to enhance information security, however, little is known about the human factor in information security. Other researchers have revealed that the application of information security technologies alone does not always result in improved security. Human factors immensely contribute to the security of information systems. This paper addresses the missing link in information security, that is, the end-user working with the information system. In this study, a survey was carried out in two state universities in order to establish the human factors that compromise information security. Human factors affecting end user security were divided into four categories namely, Social Engineering, Carelessness, Bad Password behavior and Security training. Results showed that Failure to refer to Information Technology (IT) policy (under Social Engineering) and lack of information security training (security training) were the major drivers in compromising information security. Findings from the survey were used to design a model aimed at reducing human factors in information security, called the Human Factors Collaboration Reinforcement model (HFCRM). Since this proposed model is based on collaborative monitoring of security policy violation, an information security policy was consequently designed, so as to facilitate the implementation of the model.