The human factor as a vulnerability in information security
DOI:
https://doi.org/10.6008/SPC2179-684X.2017.003.0012Keywords:
Human factor, information, vulnerability, information securityAbstract
Among the possible vulnerabilities related to information security that are present in an organizational environment, technical, physical and human vulnerabilities, literature highlights the human factor as the weakest and most important element in the information security management. It is not possible to create barriers or tools to protect the human component, just as they are created for the technical and physical components. This article aims to perform a descriptive analysis of the vulnerabilities caused by human actions in an organizational environment from the perception of the user and the IT support team, focusing on the threats and incidents caused by the human factor. To carry out the study, a questionnaire was applied with two groups of employees of a federal education institution, a group of employees was formed by IT professionals and another group was formed by IT users, that is, employees who have no relation with the maintenance of the IT park of the organization. The results obtained served as a basis for propositions that demonstrated that human actions, both by non-technical users and technical users, who should take care of information security, can generate serious problems for information security.
Downloads
Downloads
Published
Issue
Section
License
The CBPC - Companhia Brasileira de Produção Científica (Brazil CNPJ: 11.221.422/0001-03) the material rights of the published works. The rights relate to the publication of the work anywhere in the world, including rights to renewals, expansions and dissemination of the contribution, as well as other subsidiary rights. All electronically published works may subsequently be published in printed collections under the coordination of this company and / or its partners. The authors preserve the copyright, but are not allowed to publish the contribution in another medium, printed or digital, in Portuguese or in translation.