Authors: Philip Nyblom (1); Gaute Wangen (2); Mazaher Kianpour (1) and Grethe Østby (1)
Affiliations:
(1) Department of Information Security and Communication Technology, NTNU, Teknologiveien 22, 2815 Gjøvik, Norway
(2) IT Department, NTNU, Teknologiveien 22, 2815 Gjøvik, Norway
Keyword(s):
Root Cause Analysis, Socio-technical Analysis, Passwords, Security by Consensus.
Abstract:
Compromised usernames and passwords are a continuous problem that several organizations struggle with even though this is a known problem with known solutions. Passwords remain a problem for the modern University as it struggles to balance the goals of academic openness and availability versus those of modern cybersecurity. Through a case study, this paper researches the root causes of why compromised user accounts are causing incidents at a Scandinavian University. The applied method was root cause analysis combined with a socio-technical analysis to provide insight into the complexity of the problem and to propose solutions. The study used an online questionnaire targeting respondents who had their accounts compromised (N=72) to determine the probable root causes. Furthermore, the socio-technical approach consisted of the Security by Consensus model to analyze how causes interact in the system layers. We constructed a scoring scheme to help determine the plausible root causes of compromise, and here we identified password re-use across multiple sites (41.7%) as the most probable cause of individual compromise, followed by weak passwords (25.0%), malware infections (19.4%) and phishing (9.7%). Furthermore, the socio-technical analysis revealed structural problems, especially at the ethical-cultural and administrative-managerial layers in the organization as the primary root causes.