The Concept of a Methodology for Calculating the Deviation of an Employee’s Psychological Profile from the Actual Average Norm of Tolerant Ethics of Behavior for Information Protection in Small Businesses

Abstract

Tolerant behavior of an employee for the purposes of the administration in the field of information security must comply with the adopted information security policy. Leakage of trade secrets and other valuable information should not be allowed. However, the number of leaks is growing, and companies (as well as government organizations) are forced to reconsider the techniques and methods of countering information leaks. Among the standard methods of information protection, a firewall (ViPNet TIAS – Threat Intelligence Analytics System) occupies a special place for automatic detection of information security incidents in the event of increased anomalous activity of individual employees. The authors of this article see one of the solutions to combat leaks in the form of mathematical prediction of the level of deviance in the behavior of each employee in the form of a change in the psycho-emotional state, which is a dynamic category and changes depending on the factors of the external and internal environment of the employee, both inside and outside the organization. A stable “state” is replaced by a problematic “unstable” state, and, most likely, leads to information threats to the organization, in the form of information leaks, or irreversible information threats. This digital “footprint” fills the deviation detector model with metadata for the mathematical model of the organization’s information security, where exceeding the level of the calculated probability directly determines the “access” (or denial of access) of this employee to the business process and commercial information of the organization.