CYBER SECURITY CULTURE LEVEL ASSESSMENT MODEL IN THE INFORMATION SYSTEM

Author:

Skiter Ihor (1)

Affiliation:

1. The Institute for Safety Problems of Nuclear Power Plants

Abstract

The paper sets out to formalize the process of assessing the cybersecurity culture of an organization's information system. The basis is a comprehensive model that takes into account the technical and organizational parameters of the information system and the risks associated with them. The level of security culture of the information system is assessed by building an additive model. The model includes the characteristics of system state clusters. Clusters are formed from arrays of factors that correspond to different classes of information security culture. Classes are formed from sets of factors. Their impact is assessed using the severity of the consequences for the level of cybersecurity of the information system. In addition, the probability that a given factor manifests in a particular information system is determined. The values of the coefficients and probability distributions for each cluster and set of factors are estimated by expert methods and on the basis of a survey. A feature of the formation of the arrays of factors is that each cluster includes a factor reflecting the user's passive behavior toward negative factors. Thus, the model introduces the probability of rejection of negative factors and the probability of ideal behavior for the formation of the appropriate class of threats. It is proposed to determine the average weights of the factors of the level of influence on the cybersecurity of the information system on the basis of the weighted average indicator. A method of estimating weights based on the equally probable distribution of negative factors within the cluster

Publisher

Borys Grinchenko Kyiv University

Subject

General Medicine


Cited by 2 articles.

1. The Impact of Communication Technologies on the Adaptation Process of Ukrainian Refugees in Slovakia;Ethnic History of European Nations;2024

2. Cyber Security Compliance Among Remote Workers;Advanced Sciences and Technologies for Security Applications;2023
