Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists

Applied Ergonomics

Volumn 38, Issue 2, 2007, Pages 143-154

  Kraemer, Sara ^a   Carayon, Pascale ^a  

^a University of Wisconsin Madison   (United States)

Author keywords

Computer security; Human error; Macroergonomic; Qualitative research; Violation; Work system

Indexed keywords

COMPUTER SCIENCE; ERGONOMICS; INFORMATION ANALYSIS; PUBLIC POLICY; SECURITY OF DATA;

HUMAN ERROR; MACROERGONOMIC; QUALITATIVE RESEARCH; WORK SYSTEM;

ERROR ANALYSIS;

ARTICLE; AUDIO RECORDING; COMPUTER NETWORK; COMPUTER SECURITY; ERROR; INFORMATION PROCESSING; OPERATOR; TAXONOMY;

EID: 33750513188     PISSN: 00036870     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.apergo.2006.03.010     Document Type: Article

References (32)

1. Beatty P.C.W., and Beatty S.F. Anaesthetists' intentions to violate safety guidelines. Anaesthesia 59 6 (2004) 528-540
2. Besnard D., and Greathead D. A cognitive approach to safe violations. Cogn. Techn. Work 5 4 (2003) 272-282
3. Breakwell G.M., Hammond S., and Fife-Schaw C. Research Methods in Psychology (1995), Sage Publications, London
4. Carayon P., and Kraemer S. Macroergonomics in WWDU: What about computer and information security. In: Cakir G. (Ed). Proceedings of the Sixth International Scientific Conference on Work With Display Units-WWDU 2002-World Wide Work (2002), ERGONOMIC Institut fur Arbeits- und Sozialforschung Forschungsgesellschaft mbH, Berlin, Germany 87-89
5. Carayon, P., Kraemer, S., 2003. Human factors in e-security: the business viewpoint. Report 184 Center for Quality and Productivity Improvement. Madison, WI, 2003 〈http://www.engr.wisc.edu/centers/cqpi/〉.
6. Carayon P., and Smith M.J. Work organization and ergonomics. Appl. Ergon. 31 (2000) 649-662
7. Charmaz K. Grounded theory: objectivist and constructivist methods. In: Denzin N.K., and Lincoln Y.S. (Eds). Handbook of Qualitative Research. second ed (2000), Sage Publications, Inc., Thousand Oaks 509-535
8. Computer Science and Telecommunications Board-National Research Council, 2002. Cybersecurity Today or Tomorrow: Pay Now or Pay Later. National Academy Press, Washington, DC.
9. Dutta A., and McCrohan K. Management's role in information security in a cyber economy. Cali. Man. Rev. 45 1 (2002) 67-87
10. Fulford H., and Doherty N.F. The application of information security policies in large UK-based organizations: an exploratory investigation. Info. Mgt. & Comp. Sec. 11 3 (2003) 106-114
11. Glaser B.G., and Strauss A. The Discovery of Grounded Theory: Strategies for Qualitative Research (1967), Aldine, Chicago
12. Hendrick H.W., and Kleiner B.M. Macroergonomics: An Introduction to Work System Design (2001), Human Factors and Ergonomics Society, Santa Monica
13. Howard J.D., and Meunier P. Using a "Common Language" for computer security incident information. In: Bosworth S., and Kabay M.E. (Eds). Computer Security Handbook. fourth ed (2002), Wiley, New York 3.1-3.22
14. Kraemer S., and Carayon P. Computer and information security culture: findings from two studies. Proceedings of the 49th Annual Meeting of the Human Factors and Ergonomics Society (2005), Human Factors and Ergonomics Society, Orlando, Florida 1483-1487
15. Mitchell J.C. Case and situational analysis. Socio. Rev. 31 2 (1983) 187-211
16. Norman D.A. Design rules based on analyses of human error. Commun. ACM 26 4 (1983) 254-258
17. Polet P., Vanderhaegen F., and Amalberti R. Modeling border-line tolerated conditions of use (BTCU) and associated risks. Saf. Sci. 41 (2003) 111-136
18. Rasmussen J. Human errors: a taxonomy for describing human malfunction in industrial installations. J. Occ. Acc. 4 (1982) 311-333
19. Rasmussen J. Risk management in a dynamic society: a modelling problem. Saf. Sci. 27 2/3 (1997) 183-213
20. Rasmussen J., Pejtersen A.M., and Goodstein L.P. Cognitive Systems Engineering (1994), Wiley, New York
21. Reason J. Human Error (1990), Cambridge University Press, New York
22. Reason J. Managing the Risks of Organizational Accidents (1997), Ashgate, Brookfield
23. Seale C. The Quality of Qualitative Research (1999), Sage Publications, London
24. Siponen M.T. A conceptual foundation for organizational information security awareness, Info. Mgt. Comp. Sec. 8 1 (2000) 31-41
25. Smith M.J., and Carayon-Sainfort P. A balance theory of job design for stress reduction. Int. J. Ind. Ergo. 4 (1989) 67-79
26. Stokes, J., 2000. Stock Watch. Denver Rocky Mountain News, September 12, 2000.
27. Taylor S.T., and Bogdan R. Introduction to Qualitative Research Methods: A Guidebook and Resource. third ed (1998), Wiley, New York
28. Trochim W.M.K. The Research Methods Knowledge Base. second ed (2001), Atomic Dog Publishing, Cincinnati
29. Wickens C.D., Lee J., Liu Y., and Gordon-Becker S.E. An Introduction to Human Factors Engineering. second ed (2004), Pearson Education, New York
30. Wilson J.R. Fundamentals of ergonomics in theory and practice. Appl. Ergon. 31 (2000) 557-567
31. Whitman M.E. Enemy at the gate: threats to information security. Comm. ACM 46 8 (2003) 91-95
32. Zohar D. Safety climate in industrial organizations: theoretical and applied implications. J. Appl. Psych. 65 1 (1980) 96-102