Proceedings of the Eighth International Conference on Probabilistic Safety Assessment & Management (PSAM)
199 The Human Factor in Network System Survivability (PSAM-0090)
Download citation file:
- Ris (Zotero)
- Reference Manager
Information technology continues to change the paradigm of business and government operations. Organizations manage and exchange data and even control processes over an increasingly interweaved information highway. Along with this new paradigm of operation comes an ever-increasing reliance on this information technology infrastructure, not only internal to the organization, but externally as well. Essential business functions rely on its continuity. Survivability analysis is an area of research and practice designed to conduct a systematic evaluation of an organization's resilience against and also in the midst of adversarial events. The common solution to many of these analyses is to implement technological solutions such as redundant networks, new software patches, firewalls, automated backup systems, etc. Research in this area has failed to a large extent to address the most critical component of system survivability—the human. The strongest wall in the world does no good if the door is left unlocked, i.e. technological solutions will fail if they are not employed correctly. The first section of this paper will present a brief overview of survivability analysis and the potential impact of human performance with a focus on human error. Next, the paper examines human error and its effect on survivability issues including case studies and potential mitigation strategies. The purpose of this paper is to examine how human performance can influence computer network survivability. Additionally, this paper will introduce human reliability analysis (HRA) as a method for identifying and describing human performance as a system component for survivability analysis.
In comparison with other domains such as aeronautics and the nuclear industry, the information technology domain significantly lags in its evaluation and assessment of human contribution to overall system performance including system survivability. While formal HRA methods may not be appropriate for all organizations, task analysis and data collection are activities that should be part of an ongoing information management program. While this paper focuses on the deleterious aspect of human performance, the positive impact of human performance must also be noted. Although sometimes the weakest link in the chain, the human operator or employee can be a stop-gate that prevents system failure or compromise. For employees to be fully utilized as an asset in information security and network system survivability, a strong understanding of their role, skills, and performance shaping factors within their task domain is essential.