dc.contributor.author | Nyblom, Philip Johannes Brugmans | |
dc.contributor.author | Wangen, Gaute | |
dc.contributor.author | Kianpour, Mazaher | |
dc.contributor.author | Østby, Grethe | |
dc.date.accessioned | 2020-04-16T07:19:21Z | |
dc.date.available | 2020-04-16T07:19:21Z | |
dc.date.created | 2020-03-30T13:53:03Z | |
dc.date.issued | 2020 | |
dc.identifier.isbn | 978-989-758-399-5 | |
dc.identifier.uri | https://hdl.handle.net/11250/2651217 | |
dc.description.abstract | Compromised usernames and passwords are a continuous problem that several organizations struggle with even though this is a known problem with known solutions. Passwords remain a problem for the modern University as it struggles to balance the goals of academic openness and availability versus those of modern cybersecurity. Through a case study, this paper researches the root causes of why compromised user accounts are causing incidents at a Scandinavian University. The applied method was root cause analysis combined with a socio-technical analysis to provide insight into the complexity of the problem and to propose solutions. The study used an online questionnaire targeting respondents who had their accounts compromised (N=72) to determine the probable root causes. Furthermore, the socio-technical approach consisted of the Security by Consensus model to analyze how causes interact in the system layers. We constructed a scoring scheme to help determine the plausible root causes of compromise, and here we identified password re-use across multiple sites (41.7%) as the most probable cause of individual compromise, followed by weak passwords (25.0%), malware infections (19.4%) and phishing (9.7%). Furthermore, the socio-technical analysis revealed structural problems, especially at the ethical-cultural and administrative-managerial layers in the organization as the primary root causes. | en_US |
dc.language.iso | eng | en_US |
dc.publisher | SciTePress | en_US |
dc.relation.ispartof | Proceedings of the 6th International Conference on Information Systems Security and Privacy | |
dc.title | The Root Causes of Compromised Accounts at the University | en_US |
dc.type | Chapter | en_US |
dc.description.version | publishedVersion | en_US |
dc.source.pagenumber | 540-551 | en_US |
dc.identifier.cristin | 1804272 | |
dc.description.localcode | This article will not be available due to copyright restrictions (c) 2020 by SciTePress | en_US |
cristin.ispublished | true | |
cristin.fulltext | original | |
cristin.qualitycode | 1 | |