Educause Security Discussion mailing list archives

Re: Security Incidents due to user error

From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 30 Jan 2007 12:17:42 -0500

Anthony Maszeroski wrote:

I'm looking for a figure for the approximate percentage of security
incidents attributed to user/human error. I know I've read some
statistics before, but I can't seem to locate them now. Does anyone have
a pointer to this information?



I'd say almost 100%:

Design errors
Developer errors
System Administration errors
Network Administration errors
Security Administration errors
Operator errors
Risk Assessment errors ( at every level )
Management errors

Though I suspect you were asking only for errors
attributed to the poor, maligned soul at the
keyboard. :)

Sorry, I don't know of any formal studies.


--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Current thread:

Security Incidents due to user error Anthony Maszeroski (Jan 30)
- <Possible follow-ups>
- Re: Security Incidents due to user error Penn, Blake (Jan 30)
- Re: Security Incidents due to user error Dodge, Adam (Jan 30)
- Re: Security Incidents due to user error Gary Flynn (Jan 30)
- Re: Security Incidents due to user error Melissa Guenther (Jan 30)