Диагностика инсайдерских рисков и угроз в управлении кадровой безопасностью предприятия

Авторы: Д. Затонацкий, ORCID ID 0000000248289144, аспирант, Национальный институт стратегических исследований, Киев, Украина

Аннотация: Проанализированы зарубежные подходы к диагностике рисков и угроз в системе управления кадровой безопасностью предприятия, выявлены сильные и слабые стороны моделей в рамках этих подходов, обосновано сферу их применения. Приведены рекомендации по внедрению комплексной и целостной системы кадровой безопасности для улучшения практики психологической диагностики и мони- торинга действий сотрудников, в том числе – совершенствование систем сбора информации о поведенческих индикаторов сотруд- ников в корпоративной среде и за его пределами.

Ключевые слова: кадровая безопасность, экономическая безопасность, управление кадровой безопасностью, модели кадровой без- опасности, управление персоналом

Received: 10-03-19

1st Revision: 15-03-19

Accepted: 11-04-19

DOI: https://doi.org/10.17721/1728-2667.2019/204-3/3

References

Herasymenko, O.M., 2012. Modeling of the personnel security system of the subject of management. Actual problems of economics, 2, pp. 118-124.
Zachosova, N.V. and Nadtochii, Ya. M., 2017. Areas of ensuring the reliability of personnel and personnel security of economic entities.
Black Sea Economic Studies, 21, pp. 82-86.
Semenchenko, A V., 2015. Improvement of personnel security as an element of strengthening of financial and economic security of the enterprise. Business Inform, 9, pp. 428-433.
Kavtysh, O. P., 2015. Systemic nature of personnel security of the enterprise. Economic bulletin of NTUU “KPI”, 12, pp. 181-189.
Burda, I. Ya., 2011. Monitoring personnel security of enterprises of the publishing and printing industry: methodical principles and results of testing. The Scientific Bulletin of Lviv State University of Internal Affairs (economic series), 2, pp. 239-247.
Shevchenko, V. Ye., 2012. Personnel security of the enterprise: organizational and psychological aspects. Scientific Notes of “KROK” University, 14, pp. 124-129.
Panchenko, V.A., 2018. Scheme of actions of insiders in the system of personnel security of business entities. Entrepreneurship and Trade, 22, pp. 101-107.
Cherednychenko O. Yu., 2017. Topical issues of personnel security as an important component of the security system of an institution, institution, enterprise. Honor and Law, 4, pp. 44-48.
Cherchyk, L., 2017. Personnel Security Management in the Enterprise Personnel Management System. Economic Journal Lesya Ukrainka Eastern European National University, № 4. pp. 57-61.
Liashenko, O.M., 2013. Human security in the system of economic security of the enterprise. Economics, Entrepreneurship, Management, 25(2), pp. 274-279.
Al-Dhahri, S., Al-Sarti, M. & Abdul, A. (2017). Information Security Management System. International Journal of Computer Applications, 158(7), 29-33.
Greitzer, F.L., Kangas, L.J., Noonan, C.F., Dalton, A.C., & Hohimer, R.E. (2012). Identifying At-Risk Employees: Modeling Psychosocial Precursors of Potential Insider Threats. 45th Hawaii International Conference on System Sciences. Retrieved from https://www.researchgate.net/publication/261527163_Identifying_At- Risk_Employees_Modeling_Psychosocial_Precursors_of_Potential_Insider_Threats
Moore, A.P, Cappelli, D.M and Trzeciak R.F, 2008. “The “Big Picture” of Insider It Sabotage across U.S. Critical Infrastructures.” in Insider Attack and Cyber Security, eds. SJ Stolfo, et al., Vol 39, pp. 17-52. Springer US.
Willison, R, 2009. Motivations for Employee Computer Crime: Understanding and Addressing Workplace Disgruntlement through the Application of Organisational Justice. Technical Rpt. Working Paper No. 1, Copenhagen Business School, Department of Informatics, Copenhagen, Denmark.
Shaw, ED, and LF Fischer, 2005. Ten Tales of Betrayal: The Threat to Corporate Infrastructures by Information Technology Insiders. Report 1 – Overview and General Observations. Technical Rpt. TR 0504.
Kramer, LA, RJ Heuer, Jr., and KS Crawford, 2005. Technological, Social, and Economic Trends That Are Increasing U.S. Vulnerability to Insider Espionage. Technical Rpt. TR 05-10, Defense Personnel Security Research Center, Monterey, CA.
Gudaitis, T.M., 1998. “The Missing Link in Information Security: Three Dimensional Profiling.” CyberPsychology & Behavior 1:321-40.
Five-factor personal questionnaire McCrae-Costa (“Big Five”). [pdf] Project “Vseosvita”. Available at: <https://fc.vseosvita.ua/0010bc- 73ae.pdf> [Accessed 04 May 2019].
Keeney, M, et al, 2005. Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors. Technical, U.S. Secret Service and Carnegie-Mellon University, Software Engineering Institute, CERT Coordination Center.
Workman, M, 2009. “A Field Study of Corporate Employee Monitoring: Attitudes, Absenteeism, and the Moderating Influences of Procedural Justice Perceptions.” Information and Organization 19:218-32.
Wells, J.T., 2001. “Enemies Within.” Journal of Accountancy 192:31-35.
Sokolowski, J.A., & Banks, C.M. (2015). Agent implementation for modeling insider threat. Proceedings of the 2015 Winter Simulation Conference. Retrieved from https://www.researchgate.net/publication/302479872_Agent_implementation_for_modeling_insider_threat
Alahmadi, B.A., Legg, P.A., & Nurse, J.R. (2015). Using Internet Activity Profiling for Insider-threat Detection. Proceedings of the 17th International Conference on Enterprise Information Systems. Retrieved from http://www.scitepress.org/DigitalLibrary/Link.aspx?doi= 10.5220%2f0005480407090720
Davis, C. and Fox, J. (1993). Excessive exercise and weight preoccupation in women. Addictive Behaviors, 18(2):201-211.
Axelrad, E.T., Sticha, P. J., Brdiczka, O., and Shen, J. (2013). A bayesian network model for predicting insider threats. In Security and Privacy Workshops (SPW), 2013 IEEE, pages 82-89.
Shaw, E., Ruby, K., and Post, J. (1998). The insider threat to information systems: The psychology of the dangerous insider. Security Awareness Bulletin, 2(98): 1-10.
J. B. Colombe, 2004. “Statistical profiling and visualization for detection of malicious insider attacks on computer networks,” in Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, Washington DC, USA,
W. Eberle and L. Holder, “Applying graph-based anomaly detection approaches to the discovery of insider threats,” in Intelligence and Security Informatics, 2009. ISI ’09. IEEE International Conference on, 2009, pp. 206-208.
G. Gavai, K. Sricharan, D. Gunning, J. Hanley, M. Singhal, and R. Rolleston, 2015. “Supervised and unsupervised methods to detect insider threat from enterprise social and online activity data,” Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), vol. 6, no. 4, pp. 47-63.
P.K.A. Ladipo, PhD, Associate Professor ORCID iD 0000-0003-0420-9760

Загрузить

  • pdf 204-20-28
    Размер файла: 521 kB Кол-во скачиваний: 8