Method of Assessing the Influence of Personnel Competence on Institutional Information Security

Author:

Pilkevych Ihor,Boychenko Oleg,Lobanchykova Nadiia,Vakaliuk Tetiana,Semerikov Serhiy

Abstract

Modern types of internal threats and methods of counteracting these threats are analyzed. It is established that increasing the competence of the staff of the institution through training (education) is the most effective method of counteracting internal threats to information. A method for assessing the influence of personnel competence on institutional information security is proposed. This method takes into account violator models and information threat models that are designed for a specific institution. The method proposes to assess the competence of the staff of the institution by three components: the level of knowledge, skills, and character traits (personal qualities). It is proposed to assess the level of knowledge based on the results of test tasks of different levels of complexity. Not only the number of correct answers is taken into account, but also the complexity of test tasks. It is proposed to assess the assessment of the level of skills as the ratio of the number of correctly performed practical tasks to the total number of practical tasks. It is assumed that the number of practical tasks, their complexity is determined for each institution by the direction of activity. It is proposed to use a list of character traits for each position to assess the character traits (personal qualities) that a person must have to effectively perform the tasks assigned to him. This list should be developed in each institution. It is proposed to establish a quantitative assessment of the state of information security, defining it as restoring the amount of probability of occurrence of a threat from the relevant employee to the product of the general threat and employees of the institution. An experiment was conducted, the results of which form a particular institution show different values of the level of information security of the institution for different values of the competence of the staff of the institution. It is shown that with the increase of the level of competence of the staff of the institution the state of information security in the institution increases.

Publisher

CEUR Workshop Proceedings

Reference25 articles.

1. [1] 2020 Insider Threat Report. Cybersecurity Insiders, URL: https://www.cybersecurityinsiders.com/wp-content/uploads/2019/11/2020-Insider-Threat-Report-Gurucul.pdf

2. [2] N. Kuharska, Informacijna bezpeka jak element korporatyvnoji struktury Aktualʹni problemy upravlinnja informacijnoju bezpekoju deržavy: zb. tez nauk. dop. nauk.-prakt. konf. (Kyjiv, 4 kvitnja 2019. Kyjiv : Nac. akad. SBU) 70-73.

3. [3] A. A. Cain, M. E. Edwards, J. D. Still, An exploratory study of cyber hygiene behaviors and knowledge. Journal of Information Security and Applications. Vol. 42 (2018) 36-45.

4. [4] S.Honchar, H. Leonenko, Analysis of the factors influencing condition cybersecurity of information system of object of the critical infrastructure. Information Technology and Security. Vol. 4, Iss. 2 (7) (2016) 262-268.

5. [5] S. Kovalenko. Insajderska zahroza jak odna z aktualnyx problem kiberbezpeky. Osnovni metody vyjavlennja Aktualʹni problemy kiberbezpeky : zb. tez dop. Vseukrajinsʹkoji nauk. konf. (Kyjiv, 24 žovtnja 2019 Kyjiv : DUT) 28-32.

同舟云学术

1.学者识别学者识别

2.学术分析学术分析

3.人才评估人才评估

"同舟云学术"是以全球学者为主线,采集、加工和组织学术论文而形成的新型学术文献查询和分析系统,可以对全球学者进行文献检索和人才价值评估。用户可以通过关注某些学科领域的顶尖人物而持续追踪该领域的学科进展和研究前沿。经过近期的数据扩容,当前同舟云学术共收录了国内外主流学术期刊6万余种,收集的期刊论文及会议论文总量共计约1.5亿篇,并以每天添加12000余篇中外论文的速度递增。我们也可以为用户提供个性化、定制化的学者数据。欢迎来电咨询!咨询电话:010-8811{复制后删除}0370

www.globalauthorid.com

TOP

Copyright © 2019-2024 北京同舟云网络信息技术有限公司
京公网安备11010802033243号  京ICP备18003416号-3