Diagnostics of Insider Risks and Threats in Personnel Security Management of the Enterprise

Authors: D. Zatonatskiy, ORCID ID 0000-0002-4828-9144, PhD student, The National Institute for Strategic Studies, Kyiv, Ukraine

Abstract: For Ukrainian enterprises, the Bayesian model is the most expedient to use because it is simple to implement, allows for the individuality of each employee’s activity, and does not have ethical and legal constraints. Recommendations are given for introducing comprehensive and integrated personnel security systems at domestic enterprises to improve the practice of psychological diagnostics and monitoring of employees’ actions, in particular by improving systems for collecting information about employees’ behavioral indicators in the corporate environment and beyond. The necessity of using a modern toolkit for diagnosing risks and threats, for instance the OCEAN and CHAMPION systems, is proved; such a toolkit significantly improves personnel security management in the systems of economic safety of enterprises. It has been determined that, by the criterion of expenditure, a model based on data on the social and interactive activities of enterprise employees can be an effective toolkit for identifying insider risks and threats.

Key words: personnel security, economic security, personnel security management, personnel security models, personnel management

Received: 10-03-19

1st Revision: 15-03-19

Accepted: 11-04-19

DOI: https://doi.org/10.17721/1728-2667.2019/204-3/3

