The Development of a Security Evaluation Model Focused on Information Leakage Protection for Sustainable Growth

Kim, Jawon; Lee, Chan‐Woo; Chang, Hangbae

doi:10.3390/su122410639

Cited by 9 publications

(7 citation statements)

References 15 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This paper compiles 43 enterprise insider threat incidents in China and other nations (including the United States and Israel) between 2009 and 2021. Then, based on the direct and indirect causes in the incident reports and concerning related studies [41][42][43][44][45][46], the HFs of insider enterprise threats were categorized and aggregated according to the item categories of the IHFACS model. Second, a workshop on information security within enterprises was held to compensate for the dearth of sample data, with the participation of experts in the field, such as senior project supervisors, network management managers, and IT engineers from various businesses.…”

Section: Application Of the Methodology 41 Application Of Hfacs Frame...mentioning

confidence: 99%

Risk Assessment of Insider Threats Based on IHFACS-BN

Zeng¹,

Dian²,

Wei³

2022

Sustainability

View full text Add to dashboard Cite

Insider threats, as one of the pressing challenges that threaten an organization’s information assets, usually result in considerable losses to the business. It is necessary to explore the key human factors that enterprise information security management should focus on preventing to reduce the probability of insider threats effectively. This paper first puts forward the improved Human Factors Analysis and Classification System (IHFACS) based on actual enterprise management. Then, the enterprise internal threat risk assessment model is constructed using the Bayesian network, expert evaluation, and fuzzy set theory. Forty-three classic insider threat cases from China, the United States, and Israel during 2009–2021 are selected as samples. Then, reasoning and sensitivity analysis recognizes the top 10 most critical human factors of the accident and the most likely causal chain of unsafe acts. The result shows that the most unsafe behavior was not assessing employees’ familiarity with the company’s internal security policies. In addition, improving the organizational impact of information security can effectively reduce internal threats and promote the sustainable development of enterprises.

show abstract

Section: Application Of the Methodology 41 Application Of Hfacs Frame...mentioning

confidence: 99%

Risk Assessment of Insider Threats Based on IHFACS-BN

Zeng¹,

Dian²,

Wei³

2022

Sustainability

View full text Add to dashboard Cite

show abstract

“…e concept of smart cities is derived from the tenets of digital media: by utilizing various novel techniques or innovative concepts, smart cities aim to connect and integrate various systems and services in cities through the reasonable allocation of urban resources to optimize urban management and improve residents' quality of life [1][2][3][4][5]. In a smart city, various novel technologies (such as the Internet of things (IoT), cloud computing, and virtual reality) are applied to di erent industries [6][7][8]. Furthermore, the city realizes the dynamically re ned management and e ectively improves residents' quality of life by establishing ubiquitous broadband connectivity, integrating the application of intelligent technologies, implementing extensive resource sharing, and further attaining comprehensive and thorough enhanced ability and perception [9][10][11].…”

Section: Related Workmentioning

confidence: 99%

Internal Resource Allocation to Information Security of Smart Cities Using Evolutionary Game Model

Zou

Xing

2022

Discrete Dynamics in Nature and Society

View full text Add to dashboard Cite

The internal resource allocation approach is proposed for the information security of smart cities using the evolutionary game model. Focusing on the information resource allocation of smart cities, the relationship among information security factors is first analyzed, then the directed connection graph and adjacency matrix are constructed to obtain its directed hierarchical structure diagram by calculating the reachable matrix, thereby developing an explanatory structure model for information security resources in smart cities. Furthermore, an evolutionary game model is established, and the replicator dynamics are used to adjust the model. Finally, three types of typical problems are investigated through simulation experiments to verify and explain the structural model.

show abstract

“…Bae et al (2016) revised and supplemented the K-ISMS to construct a set of evaluation items related to industrial security that could assess security certification systems in all the industries [24]. Currently, Kim et al (2020) presented a security assessment diagnostic model emphasizing the prevention of information leaks from the perspective of insider threats [6]. Previous studies have discussed various ways to diagnose and improve a company's technology leakage and suggested a novel diagnostic model suitable for the company's characteristics or environment.…”

Section: Technology Protection Modelsmentioning

confidence: 99%

“…However, their limitation lies in the fact that their diagnostic items are skewed toward information security-they present a highly comprehensive review of content related to information security. While several academic studies have presented diagnostic models distinct from the existing information security management systems, they are characterized by a specific focus, such as having content that is geared toward small and medium-sized enterprises (SMEs) or the leakage of information [5,6]. In other words, the existing technology protection diagnostic items either preclude or have a skewed focus toward topics such as administrative, personnel, and technical security measures, which makes the items unsuitable for the general technology protection diagnosis of companies.…”

Section: Introductionmentioning

confidence: 99%

7S Model for Technology Protection of Organizations

2021

View full text Add to dashboard Cite

Given the importance of technologies to organizations, technology leakages can cause considerable financial losses and threaten the survival of firms. Although organizations use technology protection diagnostic models to prevent such leakages, most diagnostic models focus on cybersecurity, and the evaluation system is complex, making it difficult for SMEs to use it. This makes them unsuitable for the general technology protection diagnosis of companies. Hence, this study proposes a diagnostic model that assesses these technology protection capabilities of organizations from personnel and administrative perspectives. Drawing upon the individual elements of the 7S model—shared values, strategy, structure, systems, staff, style, and skills—our model analyzes the influence of the elements on the technology protection capabilities of organizations. To determine this influence, the study conducts a questionnaire survey among 435 employees from large, larger medium-sized, and small and medium enterprises. Using the partial least squares and the artificial neural network methods, the study determines the ranking of the relative importance of the 7s elements. The results show that the shared values element most significantly influences these capabilities. The remaining elements influence the technology protection capabilities in the following order from the greatest to the least effect: staff, strategy, structure, systems, style, and skills. These findings highlight the significance of developing an awareness of the necessity of technology protection among all the members of an organization.

show abstract

The Development of a Security Evaluation Model Focused on Information Leakage Protection for Sustainable Growth

Cited by 9 publications

References 15 publications

Risk Assessment of Insider Threats Based on IHFACS-BN

Risk Assessment of Insider Threats Based on IHFACS-BN

Internal Resource Allocation to Information Security of Smart Cities Using Evolutionary Game Model

7S Model for Technology Protection of Organizations

Contact Info

Product

Resources

About