The human and organisational factors contributing to information security are still poorly understood, primarily due to a lack of research and absence of suitable techniques to assess complex digital systems. This paper presents the application of the System-Theoretic Accident Models and Process (STAMP) technique to the 2013/2014 Target Corporation data breach. The aims of the study are to investigate the causal factors using a systemic approach, and to demonstrate the benefits of the technique to information security applications. A number of critical control flaws were identified through the STAMP analysis include: i) poor external and internal communication/co-ordination of new threats and vulnerabilities; ii) inadequate learning from past events, internally and externally; iii) a lack of proactive security management to understand and learn from system successes and good practices as well as system failures; iv) ineffective management and co-ordination with the supply chain and their security systems.
History
School
Design
Published in
Contemporary Ergonomics & Human Factors 2019
Citation
WRIGHT, A. and JUN, G.T., 2019. Human and organisational factors in cybersecurity: applying STAMP to explore vulnerabilities. IN: Charles, R. and Golightly, D. (eds). Contemporary Ergonomics & Human Factors 2019, Stratford-upon-Avon, UK, 29 April-1 May 2019.