HUMAN RESOURCES MANAGEMENT AS A COMPONENT OF ORGANIZATION INFORMATION SECURITY
DOI:
https://doi.org/10.28925/2663-4023.2023.20.3544Keywords:
personnel management; information; information security; human resource securityAbstract
The cyber threat landscape has undergone major changes in recent years. Compared to any period since the beginning of the information age, it is more diverse and broad. First, the Covid-19 pandemic, namely the resulting transition of organizations to remote work and then the full-scale invasion of Ukraine by the Russian Federation, made adjustments to the information security strategy. Today, most organizations are aware of security threats and the need to create a reliable information security management system to ensure their effective operation in an information environment that is aggressive both technically and socially. An important area of information security in an organization is human resource management since, according to statistics from a number of reputable analytical centers, employees are the weakest link in any data security system. The organization's human resources management includes a thorough recruitment process, fostering a responsible attitude to work in compliance with the requirements for protecting restricted information, developing a corporate culture of information security and dismissal procedures.
The article provides a list of documents of the regulatory framework, namely, international security standards, regulatory documents of public authorities, and internal documents of an organization regulating the rules and methods of work with personnel. The main motives for the unlawful behavior of an internal attacker are highlighted, and the organizational measures recommended in the context of ensuring information security at all three stages of interaction between a person and an organization: employment, employment, and dismissal are described. There is also indicated the expediency of using psychoanalysis, psychology, management ethics and conflictology methods in the field of personnel management for forecasting and prevention of informational threats.
Downloads
References
The Latest 2023 Cyber Crime Statistics (updated February 2023). https://aag-it.com/the-latest-cyber-crime-statistics/.
The Reality of Insider Threats in Cybersecurity. https://www.threatintelligence.com/insider-threats.
2022 Cost of Insider Threats Global Report. https://protectera.com.au/wp-content/uploads/2022/03/The-Cost-of-Insider-Threats-2022-Global-Report.pdf.
Ortynskyi, V.L., Zhyvko, Z.B., Kernytskyi, I.S. (2009). Ekonomichna bezpeka pidpryiemstv, orhanizatsii ta ustanov [Economic security of enterprises, organizations and institutions]. Kyiv: Pravova yednist.
Liashenko, O.M., Pohorielov, Yu.S., Bezbozhnyi, V.L., Kozachenko, H.V. (2010). Systema ekonomichnoi bezpeky: derzhava, rehion, pidpryiemstvo [System of economic security: state, region, enterprise]. Luhansk: Elton-2.
Sidak, V.S., Mihus, I.P. (Ed.). (2012). Kadrova bezpeka subiektiv hospodarskoi diialnosti: menedzhment insaideramy [Personnel security of business entities: management by insiders]. Cherkasy: Maklaut.
Panchenko, V.A. (2018). Mistse kadrovoi bezpeky v systemi ekonomichnoi bezpeky pidpryiemstv [The place of personnel security in the system of economic security of enterprises]. Naukovyi visnyk Uzhhorodskoho natsionalnoho universytetu. Seriia: Mizhnarodni ekonomichni vidnosyny ta svitove hospodarstvo, 21(2), 53-60.
ISO/IEC 27002:2013 Information technology. Security techniques. Code of practice for information security controls. Requirements. https://www.iso.org/stand-ard/54534.html.
Insider Threat Mitigation Guide.
Kukharska, N., Lagun, A. (2022). Personnel selection as information security controls. Ukrainian Scientific Journal of Information Security, 28(1), 21-25.
2022 Tech Work Report. https://assets.website-files.com/60aedfe8d838fc583e6d9cd7/6318e48c376c58335d410009_2022_TechWorkReport_090722-compressed.pdf.
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Admin Skladannyi; Наталія Кухарська, Андрій Лагун
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.