A Human Factors Vulnerability Evaluation Method for Computer and Information Security

There is a current lack of human factors identification and analysis methods in computer and information security. Previous research has focused on micro-level issues, such as task analyses and usability studies of security methods such as smart cards, passwords, and biometric devices. The purpose of this research is to develop a framework for identifying human factors and organizational issues contributing to computer and information security vulnerabilities and breaches. This framework is applied in conjunction with technical security audits. The purpose of this research is to test, develop, and refine the proposed methodology. This study examines the methodology with known computer and information technical vulnerabilities through semi-structured interviews with network administrators. These interviews yielded results in the form of methodology refinements and developments and two case studies of technical security vulnerabilities, using what is called the Human Factors Vulnerability Analysis, or HFVA.