{"title":"行为视角下支持公司无形资产保护管理的子系统概念","authors":"Paweł Kobis","doi":"10.34190/eckm.24.1.1494","DOIUrl":null,"url":null,"abstract":"The human factor is the biggest challenge for enterprises in providing the expected level of security, whereas the lack of educated personnel is one of the key problems in building an effective system for protection against data and information threats. A human being is a non-programmable element of the system and it is difficult to predict his or her behavior in information management processes and in the face of a specific event. Humans cannot be programmed like some security applications or hardware solutions with predictable performance. Human actions very often have a stochastic effect on the operation of the system. They can be ill-considered, haphazard, affected by emotions, and taken without due attention and adequate knowledge and experience (Pham et al., 2019). All these imperfections are exploited by those whose goal is to destroy or obtain information. According to data published by several information security companies, attacks carried out by purpose-built bots and web applications that exploit a technical factor (e.g., system vulnerabilities) are becoming increasingly rare, and are being replaced by attacks in which human interaction is a key factor. The curiosity and trust, leading well-meaning individuals to click, install, open, and send information, are being exploited by cybercriminals who are increasingly adept at using social engineering techniques. \nThe aim of the present paper is to discuss the theoretical basis of information security issues from the behavioral perspective and to present the concept of a subsystem that implements measures to minimize the impact of the human factor on the emergence of threats to the intangible resources of a business entity. The concept is to create an information and organizational space to support the operation of the traditional information security management system in small and medium-sized enterprises. The concept is presented using the object-oriented approach which focuses on the functional elements of the system, and the subject-oriented approach, which takes into account the relationships between the various individuals who affect the security of the information system. The author's models of each approach were presented along with a description of how they work.","PeriodicalId":107011,"journal":{"name":"European Conference on Knowledge Management","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-09-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"The Concept of a Subsystem to Support the Management of the Protection of Intangible Assets of Companies from a Behavioural Perspective\",\"authors\":\"Paweł Kobis\",\"doi\":\"10.34190/eckm.24.1.1494\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The human factor is the biggest challenge for enterprises in providing the expected level of security, whereas the lack of educated personnel is one of the key problems in building an effective system for protection against data and information threats. A human being is a non-programmable element of the system and it is difficult to predict his or her behavior in information management processes and in the face of a specific event. Humans cannot be programmed like some security applications or hardware solutions with predictable performance. Human actions very often have a stochastic effect on the operation of the system. They can be ill-considered, haphazard, affected by emotions, and taken without due attention and adequate knowledge and experience (Pham et al., 2019). All these imperfections are exploited by those whose goal is to destroy or obtain information. According to data published by several information security companies, attacks carried out by purpose-built bots and web applications that exploit a technical factor (e.g., system vulnerabilities) are becoming increasingly rare, and are being replaced by attacks in which human interaction is a key factor. The curiosity and trust, leading well-meaning individuals to click, install, open, and send information, are being exploited by cybercriminals who are increasingly adept at using social engineering techniques. \\nThe aim of the present paper is to discuss the theoretical basis of information security issues from the behavioral perspective and to present the concept of a subsystem that implements measures to minimize the impact of the human factor on the emergence of threats to the intangible resources of a business entity. The concept is to create an information and organizational space to support the operation of the traditional information security management system in small and medium-sized enterprises. The concept is presented using the object-oriented approach which focuses on the functional elements of the system, and the subject-oriented approach, which takes into account the relationships between the various individuals who affect the security of the information system. The author's models of each approach were presented along with a description of how they work.\",\"PeriodicalId\":107011,\"journal\":{\"name\":\"European Conference on Knowledge Management\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-09-05\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"European Conference on Knowledge Management\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.34190/eckm.24.1.1494\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"European Conference on Knowledge Management","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/eckm.24.1.1494","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The Concept of a Subsystem to Support the Management of the Protection of Intangible Assets of Companies from a Behavioural Perspective
The human factor is the biggest challenge for enterprises in providing the expected level of security, whereas the lack of educated personnel is one of the key problems in building an effective system for protection against data and information threats. A human being is a non-programmable element of the system and it is difficult to predict his or her behavior in information management processes and in the face of a specific event. Humans cannot be programmed like some security applications or hardware solutions with predictable performance. Human actions very often have a stochastic effect on the operation of the system. They can be ill-considered, haphazard, affected by emotions, and taken without due attention and adequate knowledge and experience (Pham et al., 2019). All these imperfections are exploited by those whose goal is to destroy or obtain information. According to data published by several information security companies, attacks carried out by purpose-built bots and web applications that exploit a technical factor (e.g., system vulnerabilities) are becoming increasingly rare, and are being replaced by attacks in which human interaction is a key factor. The curiosity and trust, leading well-meaning individuals to click, install, open, and send information, are being exploited by cybercriminals who are increasingly adept at using social engineering techniques.
The aim of the present paper is to discuss the theoretical basis of information security issues from the behavioral perspective and to present the concept of a subsystem that implements measures to minimize the impact of the human factor on the emergence of threats to the intangible resources of a business entity. The concept is to create an information and organizational space to support the operation of the traditional information security management system in small and medium-sized enterprises. The concept is presented using the object-oriented approach which focuses on the functional elements of the system, and the subject-oriented approach, which takes into account the relationships between the various individuals who affect the security of the information system. The author's models of each approach were presented along with a description of how they work.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
