
Authors: Philip Nyblom 1 ; Gaute Wangen 2 ; Mazaher Kianpour 1 and Grethe Østby 1

Affiliations: 1 Department of Information Security and Communication Technology, NTNU, Teknologiveien 22, 2815 Gjøvik, Norway ; 2 IT Department, NTNU, Teknologiveien 22, 2815 Gjøvik, Norway

Keyword(s): Root Cause Analysis, Socio-technical Analysis, Passwords, Security by Consensus.

Abstract: Compromised usernames and passwords are a continuous problem that several organizations struggle with even though this is a known problem with known solutions. Passwords remain a problem for the modern University as it struggles to balance the goals of academic openness and availability versus those of modern cybersecurity. Through a case study, this paper researches the root causes of why compromised user accounts are causing incidents at a Scandinavian University. The applied method was root cause analysis combined with a socio-technical analysis to provide insight into the complexity of the problem and to propose solutions. The study used an online questionnaire targeting respondents who had their accounts compromised (N=72) to determine the probable root causes. Furthermore, the socio-technical approach consisted of the Security by Consensus model to analyze how causes interact in the system layers. We constructed a scoring scheme to help determine the plausible root causes of compromise, and here we identified password re-use across multiple sites (41.7%) as the most probable cause of individual compromise, followed by weak passwords (25.0%), malware infections (19.4%) and phishing (9.7%). Furthermore, the socio-technical analysis revealed structural problems, especially at the ethical-cultural and administrative-managerial layers in the organization as the primary root causes.

CC BY-NC-ND 4.0


Paper citation in several formats:
Nyblom, P.; Wangen, G.; Kianpour, M. and Østby, G. (2020). The Root Causes of Compromised Accounts at the University. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-399-5; ISSN 2184-4356, SciTePress, pages 540-551. DOI: 10.5220/0008972305400551

@conference{icissp20,
author={Philip Nyblom and Gaute Wangen and Mazaher Kianpour and Grethe Østby},
title={The Root Causes of Compromised Accounts at the University},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - ICISSP},
year={2020},
pages={540-551},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008972305400551},
isbn={978-989-758-399-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - ICISSP
TI - The Root Causes of Compromised Accounts at the University
SN - 978-989-758-399-5
IS - 2184-4356
AU - Nyblom, P.
AU - Wangen, G.
AU - Kianpour, M.
AU - Østby, G.
PY - 2020
SP - 540
EP - 551
DO - 10.5220/0008972305400551
PB - SciTePress