Wednesday, September 16, 2020

Information security of the organization: psychological and moral aspects

Information is about shaping and informing that which was previously unknown. Information is the basic component of knowledge. In turn, knowledge is accumulated and transmitted in the form of this or that intellectual product. In other words, knowledge, in contrast to information processes, is a self-growing, increasing resources.

The leading role of the information process at all its stages belongs to carriers of information and knowledge as a subjective subject of information accumulation. on how interests, personality traits and basic psychological attitudes will be taken into account in information processes, not only efficiency, but also the effectiveness of the application of systemic technological processes depends. Taking into account the increasing role of information in the systems of resource support of business processes, the role of information security of any enterprise becomes as clear as possible. The main areas of business information security are: what types of engineers are there

Protection of information about the state and movement of tangible assets, often understood as economic security;

Protection of information about the state of intangible assets and their carriers (personnel), defined as information security itself;

Protection of means of storage, processing and transmission of information.

It uses economic and psychological methods to ensure business security and technical and technological methods to protect information networks.

Conditions for the formation of a system of economic security of a company: A clear definition of the concept of a system of economic security. Ensuring economic security means carrying out constant activities to identify, prevent, localize and neutralize threats and minimize damage from the implementation of threats of various nature. Taking into account the opinions and positions of the owner, shareholders, top management. The opinions of these categories of persons do not always coincide.

Compliance with the principles and algorithm for the formation of a system of economic security of the company. At the heart of the judgment: any action that disrupts the normal functioning of the organization is understood as a threat to the economic security of the firm. How are information security measures implemented in practice, taking into account specific situations? Here are some examples. It is noted that the reason for information leakage most often occurs as a result of the negligence of the top officials of the organization. For example, in private companies, more than 75% of responsible employees, receiving visitors, do not consider it necessary to remove confidential documents from the table or turn off the computer. This leads to the loss of up to 30% of operational information. According to the survey, 75% of CEOs of large enterprises are well aware of the increased potential for information leakage when using modern duplicating tools such as a photocopier. Nevertheless, the copying of material in 53.6% of cases occurs in self-service mode, in 32.7% - by the operator at the verbal request of the employee, and only in 13.5% of cases the operator makes copies against receipt or by written order. According to a study conducted by Italian psychologists, only 25% of the company's employees are really reliable people, the same number are waiting for an opportunity to divulge secrets, and 50% will act depending on the circumstances. In 5% of cases, the operator makes copies against receipt or written order. According to a study conducted by Italian psychologists, only 25% of the company's employees are really reliable people, the same number are waiting for an opportunity to divulge secrets, and 50% will act depending on the circumstances. In 5% of cases, the operator makes copies against receipt or written order. According to a study conducted by Italian psychologists, only 25% of the company's employees are really reliable people, the same number are waiting for an opportunity to divulge secrets, and 50% will act depending on the circumstances.

In the United States, computer crimes are committed, as a rule, by employees who are allowed to work with information systems. Clerks, administrators and managers are more likely to blame for them than professional programmers. A number of cases have been recorded when programmers planted a logical bomb in the information system in the event of force majeure circumstances significant to them. When these circumstances occur, the bomb erases the entire array of information and self-destructs. It is almost impossible to prove guilt in court. According to the researchers, the most effective measures to create an atmosphere of information security are measures related to improving information culture at an enterprise. It is necessary to form a clear target for increasing reliability and responsibility in matters of information protection. So, many American firms operate a two-tier information security system. The first level is the provision of information security by the special services, the second is the cultivation of an atmosphere of vigilance and responsibility with the help of so-called coordinators appointed from mid-level officials.

It is advisable to divide the technological process into a number of independent stages so that employees know only a part of the secrets, and only the management or a narrow circle of people possessed the whole knowledge. It is necessary to constantly monitor the relationship between people who own information, take into account their moral and psychological state. The reasons for concern are: manifestations of emotional imbalance, discontent, cunning, disappointment of employees whose ideas are rejected. It is proposed to create a system of intra-company communication that does not allow for the complete autonomy of individual employees. In general, psychological support of commercial secrets in the process of selection, training, promotion and dismissal of personnel is more efficient and cheaper than in the case of conventional information classification.

Dissemination of information only through controlled channels; appointment of persons responsible for control of documentation;

mandatory destruction of unused copies of documents and records;

clear definition of trade secrets for personnel;

compilation, regular assessment and updating of the list of information that is a trade secret;

inclusion of a clause on non-disclosure of commercial secrets in the employment contract , internal regulations and job descriptions;

inclusion of provisions on non-disclosure of secrets in agreements and contracts with partners.

We will especially focus on measures to ensure information security when an employee is fired. The intentions of an employee to quit is indirectly evidenced by visiting the relevant sites on the Internet, sending out a resume. From that moment on, all correspondence from the work address and some operations on the PC should be taken under secret control. All files should be backed up as soon as possible in the absence of this user. Viewing vacancies could be carried out at the request of acquaintances looking for work, there is no need to immediately take explicit security measures. If an employee announced his dismissal, you can take the following measures: inform all employees about the upcoming dismissal and prohibit transferring to him any or any specific information related to work; make a backup copy of the user's files; organize the transfer of cases; gradually, as cases are transferred, reduce the rights of access to information; if necessary, arrange for support of the dismissal by an information security specialist.

If an employee is convicted of industrial espionage, it is necessary to: immediately deprive him of all access rights to IT; immediately adjust access rights to shared information resources (databases, printers, faxes), block entrances to external networks or change the rules for accessing them; all employees are required to change their personal passwords, and the following information is brought to their attention: Employee N is not working.

For any attempts to contact him immediately inform the security service for some time, the control of the IP is carried out in an enhanced mode. If an employee is not dismissed due to incrimination in industrial espionage, then the above measures should not be overly persistent, so as not to have a negative impact on the psychological state of a person. It is necessary to convince the employee that this is the general order and that he is personally not suspected of anything. If employees see that the dismissal of each PC user is inextricably linked with moral damage, then the general socio-psychological climate will suffer: the organization will be associated with a prison or a sect. In addition, it is inappropriate to spoil relations with all leaving employees: someone can return, and someone can help. If an employee is fired, If convicted of industrial espionage, the escort procedure remains at the discretion of the security service. The task of the personnel management service: what is happening should not harm the social and psychological climate in the team, but, if possible, on the contrary, consolidate the rest of the employees. Measures to ensure information security from the standpoint of the human factor can be viewed as a shield against information theft as a specific resource of significant value. Theft and fraud, as a psychological problem, have their own ideology: "everyone in Russia steals." With some variations, this judgment has been around for centuries. What exactly is the severe heredity of the Russian mentality manifested in? what is happening should not harm the social and psychological climate in the team, but, if possible, on the contrary, consolidate the rest of the employees. Measures to ensure information security from the standpoint of the human factor can be viewed as a shield against information theft as a specific resource of significant value. Theft and fraud, as a psychological problem, have their own ideology: "everyone in Russia steals." With some variations, this judgment has been around for centuries. What exactly is the severe heredity of the Russian mentality manifested in? what is happening should not harm the social and psychological climate in the team, but, if possible, on the contrary, consolidate the rest of the employees. Measures to ensure information security from the standpoint of the human factor can be viewed as a shield against information theft as a specific resource of significant value. Theft and fraud, as a psychological problem, have their own ideology: "everyone in Russia steals." With some variations, this judgment has been around for centuries. What exactly is the severe heredity of the Russian mentality manifested in? Measures to ensure information security from the standpoint of the human factor can be viewed as a shield against information theft as a specific resource of significant value. Theft and fraud, as a psychological problem, have their own ideology: "everyone in Russia steals." With some variations, this judgment has been around for centuries. What exactly is the severe heredity of the Russian mentality manifested in? Measures to ensure information security from the standpoint of the human factor can be viewed as a shield against information theft as a specific resource of significant value. Theft and fraud, as a psychological problem, have their own ideology: "everyone in Russia steals." With some variations, this judgment has been around for centuries. What exactly is the severe heredity of the Russian mentality manifested in?

that is, a choice that minimizes costs and maximizes net benefits. Economic behavior is based on people's value orientations. Economic behavior is influenced by various factors:

technical level of production,

organization, rationing,

pay and working conditions,

job satisfaction,

moral and psychological climate in the team,

the educational and cultural level of the employee,

the nature of social and political activity in society and the working group.

There are four strategies of economic behavior: minimum labor - minimum income, minimum labor - maximum income, maximum labor - guaranteed income, maximum labor - maximum income. Human behavior within the framework of one strategy is governed exclusively by his motives. The transition from one strategy to another is regulated by a system of incentives. An exception is the maximum labor - maximum income strategy, where human behavior is determined by incentives. The strategy of minimum labor - minimum income, arising as a forced reaction of a person to a situation, forms the employee's feelings of internal dismissal, depression, contributes to the formation of terminator, that is, destructive behavior.

Recommendations for the prevention of theft in the organization.

Create a strong corporate culture of the organization (relationships, social priorities, morality in the organization). If a critical mass of workers is formed, then newcomers fall into the system of self-reproducing social consciousness. Create an effective control system that meets the following requirements: regularity and regularity, personal responsibility of employees. The condition is to view control as helping people resist the temptation to steal. As a preventive measure, periodically induce in workers the syndromes of feelings of guilt, feelings of gratitude, playing the role of a strict boss or a rescuer boss. Be choosy about industrial relationships. The assertion "they will not steal their own" is rather controversial. General incentive rules can also be formulated to ensure the safe behavior of personnel:

accessibility, tangibility;

minimum gap between results and pay on time;

a combination of incentives and penalties;

a combination of material, social and psychological incentives.

No comments:

Post a Comment