Managing Human Factor To Improve Information Security In Organization

AlHogail, Areej (2017-05-02)


Abstract: There are many security risks to organizations’ information assets; nonetheless, among the major threats to achieving a secure information environment are the actions and behavior of employees when handling information. Insiders, intentionally or unintentionally, can cause serious risks, despite the investments usually made in security control measures and other security-related products. Neglecting the human factor could lead to security breaches, as the human factor determines the behavior of employees toward information security. This paper attempts to focus on the role of the human factor in achieving the required level of security and suggests a best-practice recommendation guideline that is based on the Human Factor Diamond (HFD) framework. HFD focuses on the human factor issues that can influence employees’ behavior toward information security in organizations. The framework is structured in two dimensions and four domains. Each domain has been mapped to a set of guidelines in order to give a practical guide to organization management and security practitioners for minimizing the threats posed by employees’ behavior to information security.

Keywords: human factor; information security; human behavior; information security controls; insider (employee) threats; best practice guideline