Human Vulnerabilities

September 11, 2007

Human vulnerabilities in network security may arise inadvertently, due to a network user’s lack of understanding of security, or deliberately, due to insider fraud. Additionally, organisations need to establish effective security cultures and need to be able to assess the potential risks (both benign and malign) that are posed by their employees. With this in mind, the NSIP launched a call for proposals as part of the Technology Strategy’s Autumn 2006 competition. The Human Vulnerabilities in Network Security call invited proposals that addressed the following questions:

- What social structures, rules and attitudes should exist in an effective security culture?
- How is it possible to create and embed these cultural characteristics in an organisation?
- To what extent is it possible to assess the risk that an employee will abuse their access to an organisation’s assets for illegitimate purposes (e.g. abuse their computer network access)?

This was a new area of activity for the DTI, linking technological innovation with behavioural science, and the NSIP worked closely with the Economic and Social Research Council (ESRC) in designing this call. There were a total of four successful proposals, and the initial 6 month feasibility stage projects started in April 2007.
The projects are investigating the following areas:

- developing a novel organisational and human factors focused network security risk assessment package;
- developing a predictive modelling framework that assesses the effectiveness of the security policies that regulate the interaction between humans and information systems;
- developing a potential technology solution for the analysis of digital communications in order to identify and act on potential security threats introduced by humans to information and IT services; and
- improving attitudes towards risks both to and from information systems, specifically a software-based tool that provides a network security awareness programme that is tailored to the individual employee.

After the six month feasibility stage, the consortia will present their findings to an independent panel. If successful, these projects will transition into full research programmes in April 2008, with follow-up funding of up to £4m available for the successful projects. It is worth noting that the successful projects could generate a total of £125m of extra income from successful market penetration resulting from their research.

Andrew

