EXPERIMENTAL EVALUATION OF THE DETECTION OF ANOMALIES IN A COMPUTER NETWORK

В статье рассматривается оптимизированный подход к контролю инцидентов информационной безопасности компьютерной сети и обнаружению аномалий. Обоснована необходимость использования алгоритма «усечения» полного множества факторов нарушения политики информационной безопасности. The article considers an optimized approach to monitoring computer network information security incidents and detecting anomalies. The necessity of using the algorithm of «truncation» of the full set of factors of violation of the information security policy is justified.

State Information Security Policy (Comparative Legal Aspect)

The rapid development of information technology and the problem of its rapid implementation in all spheres of public life, the growing importance of information in management decisions to be made by public authorities, a new format of media — these and other factors urge the problem of developing and implementing quality state information security policy. The aim of the article was to conduct a comparative analysis of the latest practices of improving public information security policies in the European Union, as well as European countries such as Poland, Germany, Great Britain, and Ukraine. The formal-logic, system-structural and problem-theoretical methods were the leading methodological tools. The analysis of regulatory legal acts showed that there is a single concept of international information security at the global and regional levels, which requires additional legal instruments for its implementation. It is stated that the reform of national information security policies has a direct impact on the formation of a single global information space. According to the results of the study, it is substantiated that the United Kingdom is characterized by the most promising information security policy.

The effect of perceived organizational culture on employees’ information security compliance

Purpose This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers. Design/methodology/approach The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy. Findings The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance. Research limitations/implications The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance. Practical implications Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations. Originality/value Few information security policy compliance studies exist on the consequences of different organizational/information cultures.

Instrumenty polityki bezpieczeństwa informacyjnego Białorusi

The aim of the article is to analyse the implementation of the information security policy of the Republic of Belarus. The analysis was carried out in strategic and functional dimensions. The research covered mainly strategic documents relating to the information security of the Belarusian state. The research process included the use of the content analysis of source documents. As a result of its implementation, it was established that the information security policy of Belarus is implemented only in the formal, legal and institutional dimensions. In the field of information security policy in the Republic of Belarus, only the state is treated subjectively, and other entities - the citizen and society, have been treated as subjects.

Autonomous Motivation and Information Security Policy Compliance

Many existing studies focus on the effect of external influence mechanisms (e.g., deterrence) impacting information security policy compliance (ISPC). This study explores the formation of ISPC from an autonomous motivation perspective, based on social exchange theory and self-determination theory. Data were gathered by conducting a survey of 261 employees, with hierarchical regression analysis being used to test our hypotheses.The results indicated the following: First, job satisfaction and personal responsibility positively impact ISPC. Second, job satisfaction perceived by employees is positively linked to personal responsibility, where deterrence severity has a negative moderating effect on this relationship. Finally, personal responsibility mediates the relationship between job satisfaction and ISPC. This study suggests that organizational support should focus on promoting perceived self-determination of employees, and that deterrence should be maintained at a moderate level to adapt to the organization's security strategy and information security environment.