DOI: 10.1145/2905055.2905069
Research article

Causes of Human Errors in Early Risk Assessment in Software Project Management

Published: 04 March 2016

Abstract

This paper concerns the role of human errors in early risk assessment in software project management. Researchers have recently begun to focus on human errors in early risk assessment in large software projects; statistics show them to be a major component of software problems, with over 80% of economic losses attributed to this cause. There has been comparatively little experimental research on the role of human errors in this context, particularly at the organizational level, largely because of reluctance to share information and statistics on security issues in online software applications. Grounded theory was employed as the research methodology to investigate the main root causes of human errors in online security risks.
An open-ended question was put to 103 information security experts around the globe, and the responses were used to develop a list of causes of human errors by open coding. The paper contributes to our understanding of the causes of human errors in information security contexts. It is also one of the first information security studies of its kind to use Strauss's and Glaser's grounded theory approaches together during the data collection phase in order to reach the required number of participants' responses, and is a significant contribution to the field.


Cited By

  • (2023) Programmer Cognition Failures as the Root Cause of Software Vulnerabilities: A Preliminary Review. 2023 Intermountain Engineering, Technology and Computing (IETC), pp. 242-246. DOI: 10.1109/IETC57902.2023.10152150. Online publication date: 12 May 2023.

Published In

ICTCS '16: Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies
March 2016
843 pages
ISBN:9781450339629
DOI:10.1145/2905055
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Early Risks
  2. Grounded Theory
  3. Human Errors
  4. Risk analysis
  5. online Security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ICTCS '16

Acceptance Rates

Overall Acceptance Rate 97 of 270 submissions, 36%

Article Metrics

  • Downloads (last 12 months): 19
  • Downloads (last 6 weeks): 2
Reflects downloads up to 22 Oct 2024
