Research on Multi-Factor Driven Insider Threat Risk Measurement Method of Information System
25 Pages. Posted: 23 Dec 2024
Abstract
Internal threats pose significant challenges to cybersecurity. Unlike most studies, which focus on detection after an incident, this article proposes a novel method that calculates internal threat risk before a security incident occurs. First, the research identifies personal factors, organizational management, and security technology as the key drivers of threatening behavior by internal personnel. Based on these dimensions, it constructs an internal threat risk measurement index system for information systems, comprising a target layer, a class layer (three types of risk), a subclass layer (14 subclasses), a factor layer (61 risk factors), and an instance layer (112 instances). This index system can comprehensively describe the characteristics of internal threat risks. Second, a questionnaire designed in this paper assigns a value to each risk instance, and an internal threat risk measurement method based on information entropy is then proposed, which can effectively and reasonably calculate the potential internal threat risk (including the individual, organizational management, security technology, and overall risk levels). Finally, comparison with existing research highlights the comprehensiveness, extensibility, and operability of this study. The study can help decision-makers discover the causes of internal threat risks and provides an important reference and basis for risk prevention and decision-making.
Keywords: insider threats, insider threat risk measurement, insider threat indicator system, insider threat risk management, technical security risks