A Corporate Employee as a Subject of Corporate Information Security Management

A contradiction is revealed between the rise in the number of information security incidents in companies through the fault of employees and the stable inefficiency of measures taken by employers to reduce these incidents. It is concluded that there is a lack of attention on the part of scientists t...

Full description

Saved in:
Bibliographic Details
Published inScientific and technical information processing Vol. 47; no. 2; pp. 113 - 118
Main Author Astakhova, L. V.
Format Journal Article
LanguageEnglish
Published Moscow Pleiades Publishing 01.04.2020
Springer Nature B.V
Subjects
Computer Science
Computer Systems Organization and Communication Networks
Employees
Information management
Risk management
Security
Security management
Software
Software development tools
Staff participation
engagement
risks
social engineering attack
human as a sensor
management
organization
information security
employee
Online AccessGet full text

Cover

More Information
Summary:A contradiction is revealed between the rise in the number of information security incidents in companies through the fault of employees and the stable inefficiency of measures taken by employers to reduce these incidents. It is concluded that there is a lack of attention on the part of scientists to the current trends in corporate management (quality, personnel, knowledge, and risk management) that consists in more active participation of employees in managerial processes. The need for strengthening the role of the user of a corporate information system as a subject involved in managing its information security is substantiated based on the example of detecting social engineering attacks. The organizational, hardware, and software tools for engaging the user in this process are described.
ISSN:0147-6882
1934-8118
DOI:10.3103/S0147688220020069