Mitigating human factors threatening IT security
Themes: Social Impact, Software technology & Intelligent Systems
A TRL (Technology Readiness Level) is a measure that indicates the maturity of a developing technology. When an innovative idea is discovered, it is often not directly suitable for application. Usually such a novel idea is subjected to further experimentation, testing and prototyping before it can be implemented. The image below shows how to read TRLs to categorise innovative ideas.
Summary of the project
Systems operators are the real-world janitors. They have the keys to all the rooms. With the further integration and growing importance of the role and function of IT systems in our everyday life, ensuring the safety and security of these systems becomes important. Your IT system is made and maintained by people and is thus subject to human error.
As an IT systems engineer, the researcher aims to make IT systems less error-prone by understanding how operators act and deal with security misconfigurations, misengineering in software and their personal responsibility in management decisions. With this insight he will be able to come up with mitigation strategies that will help to change the culture of IT operators, enhancing the overall safety of IT systems.
The focus of this research track is on understanding how these errors take place despite the fact that the engineering literature technically knows how to prevent these errors from happening.
The project started by identifying, through large-scale Internet measurements, which problems in IT security systems are the result of human error. The next step is to identify the reasons why these errors occur and what kind of actions can be taken to prevent them from happening. For this, the researchers used interviews and questionnaires with operators. With this knowledge the researcher will be able to design and test mitigation strategies that will prevent human errors and could change the culture amongst system operators, globally enhancing IT systems’ security.
What's next?
For the next step in the project the researcher is looking for industry partners with their own IT systems and operators who would be willing to join the project.
Dr.-Ing. Tobias Fiebig