Human factor aspects in information security management in the traditional IT and cloud computing models
Languages of publication
This paper attempts to classify the main areas of threats occurring in enterprises in the information management processes. Particular attention was paid to the effect of the human factor which is present in virtually every area of information security management. The author specifies the threats due to the IT techniques and technologies used and the models of information systems present in business entities. The empirical part of the paper presents and describes the research conducted by the author on information security in business organisations using the traditional IT model and the cloud computing model. The results obtained for both IT models are compared.
- ADAPTURE Technology Group, The Reality of Cloud Security Issues: The Human Factor, https: //adapture.com/the-reality-of-cloud-security-issues-the-human-factor/ (04.12.2020).
- AHMED M.,KAMBAM H.R.,LIU Y.,UDDIN M.N., Impact of human factors in cloud data breach, [In:] F. Xhafa, S. Patnaik, M. Tavana (Eds.), Advances in intelligent systems and interactive applications, IISA 2019, Advances in Intelligent Systems and Computing, Vol. 1084, Springer, Cham, 2020, 568–577.
- ALAVI R., ISLAM S., JAHANKHANI H., AL-NEMRAT A., Analyzing human factors for an effective information security management system, Int. J. Sec. Soft. Eng., 2013, 4 (1), 50–74.
- CELLARY W., Information management instead of document management as a way for transforming public administration, Elektron. Adm., 2007, 5, 2–7 (in Polish).
- CHOMIAK-ORSA I., MROZEK B., Main perspectives of using big data in social media, Inf. Ekon., 2017, 3 (45), 44–54 (in Polish).
- COLWILL C., Human factors in information security: The insider threat – who can you trust these days?, Inf. Sec. Techn. Rep., 2009, 14, 186–196.
- DENNING D.E.R., Informatio075-076n warfare and security, Wydawnictwa Naukowo-Techniczne, Warszawa 2002 (in Polish).
- GALANC T., KOLWZAN W., PIERONEK J., Informatics systems of decision support and analysis of their security, Oper. Res. Dec., 2016, 1, 45–53.
- IGNATOVA I., BIEHUN A., Estimating the reliability of the elements of cloud services, Oper. Res. Dec., 2017, 3, 65–80.
- Kaspersky Daily, Business perception of IT security: In the face of an inevitable compromise, website: https://usa.kaspersky.com/blog/security_risks_report_perception/, 2017 (01.12.2020).
- KIEŁTYKA L., KOBIS P., Economic aspects of virtualization of IT resources in enterprises, Przegl. Org., 2013, 4, 13–19 (in Polish).
- KOBIS P., Employee mobility in light of cloud computing model, I. Humanistic aspects of knowledge and competencies management, Przeds. Zarządz., 2016, 17 (7), 159–172.
- KOBIS P., Nature of cloud computing as well as chances and threats associated with the application of cloud computing, [In:] L. Kiełtyka (Ed.), Information technologies in organisation functioning, Stowarzyszenie Wyższej Użyteczności “Dom Organizatora”, Toruń 2013, 213–222 (in Polish).
- KORZENIOWSKI P., Human error still poses a significant cloud security risk, TechTarget, website: https: //searchcloudcomputing.techtarget.com/tip/Human-error-still-poses-a-significant-cloud-security-risk, 2018 (07.12.2020).
- KOŹMIŃSKI A.K.,JEMIELNIAK D., Management from the beginning. Academic coursebook, Wydawnictwa Akademickie i Profesjonalne, Warsaw 2008 (in Polish).
- KPMG, Report: Cybersecurity barometer. In the defence against cyberattacks, website: https:// assets.kpmg/content/dam/kpmg/pl/pdf/2019/04/pl-Raport-KPMG-Barometr-Cyberbezpieczenstwa -W-obronie-przed-cyberatakami.pdf, 2019 (25.08.2019) (in Polish).
- LENT B., Managing processes of project management: Informatics and communication, Difin, Warsaw 2005 (in Polish).
- ŁAPIŃSKI K., WYŻNIKIEWICZ B., Report cloud computing: flexibility, efficiency, safety, ThinkTank, Microsoft, BOOK Cloud Final Pol.pdf, Warsaw 2011 (in Polish).
- MALARA M., MALARA Z., Methodical aspects of knowledge management in a contemporary company, [In:] N.T. Nguyen, D.H. Hoang, T.-P. Hong, H. Pham, B. Trawiński (Eds.), Intelligent information and database systems, Lecture Notes in Artificial Intelligence 10751, Subseries of Lecture Notes in Computer Science, Springer, Dong Hoi City 2018, 71–81.
- MARINESCU D.C., Cloud computing: Theory and practice, Morgan Kaufmann Publishers, San Francisco 2017.
- PANKOV N., The human factor: Can employees learn not to make mistakes?, 2017, website: https: //www.kaspersky.com/blog/human-factor-weakest-link/17430/ (04.05.2019).
- PAWLAK M., Companies in Poland lose out due to lack of cloud competence, Oktawave, website: https://oktawave.com/pl/blog/firmy-w-polsce-traca-przez-brak-kompetencji-chmurowych, 2020 (06.12.2020) (in Polish).
- PIETUSZYŃSKI P., Security of cloud environments according to IT managers, Computerworld, website: https://www.computerworld.pl/news/Bezpieczenstwo-srodowisk-3.chmurowych-wedlug-menedzerow-IT,409536.html, 2017, (07.12.2020) (in Polish).
- PIPKIN D.L., Information security: Protecting the global enterprise, Prentice Hall PTR, Upper Saddle River, New Jersey 2000.
- ROZWADOWSKI M., Economic counterintelligence as a modern method for protection of strategic information for a organization, Securitologia, 2013, 1, 174–182 (in Polish).
- SAFIANU O., TWUM F., HAYFRON-ACQUAH J.B., Information system security threats and vulnerabilities: Evaluating the human factor in data protection, Int. J. Comp. Appl., 2016, 5, 8–14. 76
- SAPRONOV K., The human factor and information security, 2005, website: https://securelist.com/the-human-factor-and-information-security/36067/ (12.06.2019).
- SKOPIK F., SETTANNI G., FIEDLER R., A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing, Comp. Sec., 2016, 60, 154–176.
- SOOMRO Z.A., SHAH M.H., AHMED J., Information security management needs more holistic approach: A literature review, Int. J. Inf. Manage., 2016, 36 (2), 215–225.
- TABRIZCHI H., KUCHAKI RAFSANJANI M., A survey on security challenges in cloud computing: Issues, threats, and solutions, J. Supercomp., 2020, 76, 9493–9532.
- WANG Y., On cognitive properties of human factors and error models in engineering and socialization, Int. J. Cogn. Inf. Nat. Int., 2008, 2 (4), 70–84.
- ŻEBROWSKI A., Information protection in enterprises in the conditions of globalisation: Selected problems, [In:] R. Borowiecki, J. Czekaj (Eds.), Information resources in limiting economic risk, Stowarzyszenie Wyższej Użyteczności “Dom Organizatora”, Toruń 2011, 13–40 (in Polish)
Publication order reference