Abstract
The tasks of determining the state of an organization’s information security culture are considered. Despite the dozens of technical and technological means of providing information security, the issue of quantifying the level of information security culture (ISC) in an organization remains inadequately investigated. The personal information security culture of each employee is the basis of organizational ISC. A model is proposed that identifies personal ISC using fuzzy logic, giving a formalized assessment of personnel ISC within the overall quantitative assessment of the organization’s IS. The need for this approach is caused by the difficulty of obtaining quantitative evaluation indicators of personnel ISC when assessing the overall security of the organization.
As an example of using this model, the assessment of a user’s personal cybersecurity culture is considered. It was carried out by collecting the input data by questionnaire, and the results are represented as the “inputs-output” surfaces of the fuzzy hierarchical system. The results of the assessment show problems in ISC which must be corrected with training, motivation and additional instruction. The presented model can be considered as a part of the ISMS audit that assesses the awareness of employees as one of the aspects of the organization’s ISC.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Dorosh, M., Voitsekhovska, M., Balchenko, I. (2020). Research and Determination of Personal Information Security Culture Level Using Fuzzy Logic Methods. In: Hu, Z., Petoukhov, S., Dychka, I., He, M. (eds) Advances in Computer Science for Engineering and Education II. ICCSEEA 2019. Advances in Intelligent Systems and Computing, vol 938. Springer, Cham. https://doi.org/10.1007/978-3-030-16621-2_47
DOI: https://doi.org/10.1007/978-3-030-16621-2_47
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-16620-5
Online ISBN: 978-3-030-16621-2
eBook Packages: Intelligent Technologies and Robotics (R0)