Information system security threats and vulnerabilities: evaluating the human factor in data protection
Abstract
Researches in information security have all these while been concerned only with technical problems. Attempts to curb security problems are either software-centered or hardware-oriented. The greatest loophole in information security are people who use the computers. However, there have been limited attempts in addressing the people aspect of security.
In this study the missing link in information security, that is, the end-user working on the system is addressed. Despite the implementation of technological solutions, the human factor is still vulnerable to attacks and hence in need of further investigation and interrogation.
The study draws its data from a survey conducted on people who frequently use information systems. Professional and technical inputs were also solicited from IT personnel through interviews. Four experiments were conducted to test the accuracy of the survey. A phony phish system was developed to test respondents’ information security. The goal of the phony phish system is to send phishing emails that can be used to measure the accuracy of the survey. The rest of the experiments were SQL injection, cross site scripting and brute force attack.
The thesis argues that advancement in security technologies do not always guarantee secure environments. Thus, information security cannot be depended exclusively on hardware or software. It is people who use computers and therefore information security is also a human factor issue. It also suggests, for information and data breaches to be curbed, organizations must adopt a holistic security framework, incorporating the human factor vulnerability to it.
Description
A thesis submitted to the Department of Computer Science, Kwame Nkrumah University of Science and Technology in partial fulfilment of the requirements for the degree of Master of Science.