IDEAS home Printed from https://ideas.repec.org/a/gam/jsusta/v15y2022i1p491-d1017415.html
   My bibliography  Save this article

Risk Assessment of Insider Threats Based on IHFACS-BN

Author

Listed:
  • Min Zeng

    (School of Economics, Management and Law, University of South China, Hengyang 421001, China
    These authors contributed equally to this work.)

  • Chuanzhou Dian

    (School of Economics, Management and Law, University of South China, Hengyang 421001, China
    These authors contributed equally to this work.)

  • Yaoyao Wei

    (School of Economics, Management and Law, University of South China, Hengyang 421001, China)

Abstract

Insider threats, as one of the pressing challenges that threaten an organization’s information assets, usually result in considerable losses to the business. It is necessary to explore the key human factors that enterprise information security management should focus on preventing to reduce the probability of insider threats effectively. This paper first puts forward the improved Human Factors Analysis and Classification System (IHFACS) based on actual enterprise management. Then, the enterprise internal threat risk assessment model is constructed using the Bayesian network, expert evaluation, and fuzzy set theory. Forty-three classic insider threat cases from China, the United States, and Israel during 2009–2021 are selected as samples. Then, reasoning and sensitivity analysis recognizes the top 10 most critical human factors of the accident and the most likely causal chain of unsafe acts. The result shows that the most unsafe behavior was not assessing employees’ familiarity with the company’s internal security policies. In addition, improving the organizational impact of information security can effectively reduce internal threats and promote the sustainable development of enterprises.

Suggested Citation

  • Min Zeng & Chuanzhou Dian & Yaoyao Wei, 2022. "Risk Assessment of Insider Threats Based on IHFACS-BN," Sustainability, MDPI, vol. 15(1), pages 1-18, December.
    • Handle: RePEc:gam:jsusta:v:15:y:2022:i:1:p:491-:d:1017415
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/15/1/491/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2071-1050/15/1/491/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Jawon Kim & Chanwoo Lee & Hangbae Chang, 2020. "The Development of a Security Evaluation Model Focused on Information Leakage Protection for Sustainable Growth," Sustainability, MDPI, vol. 12(24), pages 1-20, December.
    2. Jifeng Lu & Weihua Liu & Kai Yu & Lujie Zhou, 2022. "The Dynamic Evolution Law of Coal Mine Workers’ Behavior Risk Based on Game Theory," Sustainability, MDPI, vol. 14(7), pages 1-16, March.
    3. Weiliang Qiao & Yu Liu & Xiaoxue Ma & Yang Liu, 2020. "Human Factors Analysis for Maritime Accidents Based on a Dynamic Fuzzy Bayesian Network," Risk Analysis, John Wiley & Sons, vol. 40(5), pages 957-980, May.
    4. Cao, Cejun & Liu, Yang & Tang, Ou & Gao, Xuehong, 2021. "A fuzzy bi-level optimization model for multi-period post-disaster relief distribution in sustainable humanitarian supply chains," International Journal of Production Economics, Elsevier, vol. 235(C).
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Laihao Ma & Xiaoxue Ma & Jingwen Zhang & Qing Yang & Kai Wei, 2021. "Identifying the Weaker Function Links in the Hazardous Chemicals Road Transportation System in China," IJERPH, MDPI, vol. 18(13), pages 1-17, July.
    2. Diaz, Rafael & Behr, Joshua G. & Acero, Beatriz, 2022. "Coastal housing recovery in a postdisaster environment: A supply chain perspective," International Journal of Production Economics, Elsevier, vol. 247(C).
    3. Fanshun Zhang & Congdong Li & Cejun Cao & Zhiwei Zhang, 2022. "Random or preferential? Evolutionary mechanism of user behavior in co-creation community," Computational and Mathematical Organization Theory, Springer, vol. 28(2), pages 141-177, June.
    4. Lan, He & Ma, Xiaoxue & Qiao, Weiliang & Ma, Laihao, 2022. "On the causation of seafarers’ unsafe acts using grounded theory and association rule," Reliability Engineering and System Safety, Elsevier, vol. 223(C).
    5. Rabin K. Jana & Dinesh K. Sharma & Peeyush Mehta, 2022. "A probabilistic fuzzy goal programming model for managing the supply of emergency relief materials," Annals of Operations Research, Springer, vol. 319(1), pages 149-172, December.
    6. Lidong Pan & Yu Zheng & Juan Zheng & Bin Xu & Guangzhe Liu & Min Wang & Dingding Yang, 2022. "Characteristics of Chemical Accidents and Risk Assessment Method for Petrochemical Enterprises Based on Improved FBN," Sustainability, MDPI, vol. 14(19), pages 1-18, September.
    7. Shivam Gupta & Sachin Modgil & Ajay Kumar & Uthayasankar Sivarajah & Zahir Irani, 2022. "Artificial intelligence and cloud-based Collaborative Platforms for Managing Disaster, extreme weather and emergency operations," Post-Print hal-04325638, HAL.
    8. Xingbang Qiang & Guoqing Li & Jie Hou & Xia Zhang & Yujia Liu, 2023. "Intelligent Safety Risk Analysis and Decision-Making System for Underground Metal Mines Based on Big Data," Sustainability, MDPI, vol. 15(13), pages 1-15, June.
    9. Meng, Qingchun & Kao, Zhiping & Guo, Ying & Bao, Chunbing, 2023. "An emergency supplies procurement strategy based on a bidirectional option contract," Socio-Economic Planning Sciences, Elsevier, vol. 87(PA).
    10. Jiaxin Geng & Hanping Hou & Shaoqing Geng, 2021. "Optimization of Warehouse Location and Supplies Allocation for Emergency Rescue under Joint Government–Enterprise Cooperation Considering Disaster Victims’ Distress Perception," Sustainability, MDPI, vol. 13(19), pages 1-14, September.
    11. Hyunae Park & Youngcheon Yoo & Hwansoo Lee, 2021. "7S Model for Technology Protection of Organizations," Sustainability, MDPI, vol. 13(13), pages 1-25, June.
    12. Vosooghi, Zeinab & Mirzapour Al-e-hashem, S.M.J. & Lahijanian, Behshad, 2022. "Scenario-based redesigning of a relief supply-chain network by considering humanitarian constraints, triage, and volunteers’ help," Socio-Economic Planning Sciences, Elsevier, vol. 84(C).
    13. You, Qi & Yu, Kai & Zhou, Lujie & Zhang, Jing & Lv, Maoyun & Wang, Jiansheng, 2023. "Research on risk analysis and prevention policy of coal mine workers' group behavior based on evolutionary game," Resources Policy, Elsevier, vol. 80(C).
    14. Jiao Liu & Shuang Li & Weijun Bao & Kun Xu, 2022. "Could the Management System of Safety Partnership Change Miners’ Unsafe Behavior?," Sustainability, MDPI, vol. 14(20), pages 1-14, October.
    15. Wenjun Zhang & Xiangkun Meng & Xue Yang & Hongguang Lyu & Xiang-Yu Zhou & Qingwu Wang, 2022. "A Practical Risk-Based Model for Early Warning of Seafarer Errors Using Integrated Bayesian Network and SPAR-H," IJERPH, MDPI, vol. 19(16), pages 1-14, August.
    16. Jie Zhen & Cejun Cao & Hanguang Qiu & Zongxiao Xie, 2021. "Impact of organizational inertia on organizational agility: the role of IT ambidexterity," Information Technology and Management, Springer, vol. 22(1), pages 53-65, March.
    17. Abdullah Baz & Riaz Ahmed & Suhel Ahmad Khan & Sudesh Kumar, 2023. "Security Risk Assessment Framework for the Healthcare Industry 5.0," Sustainability, MDPI, vol. 15(23), pages 1-27, December.
    18. Yiping Huang & Qin Yang & Jinfeng Liu & Xiao Li & Jie Zhang, 2021. "Sustainable Scheduling of the Production in the Aluminum Furnace Hot Rolling Section with Uncertain Demand," Sustainability, MDPI, vol. 13(14), pages 1-23, July.
    19. Wenjun Zhang & Yingjun Zhang & Weiliang Qiao, 2022. "Risk Scenario Evaluation for Intelligent Ships by Mapping Hierarchical Holographic Modeling into Risk Filtering, Ranking and Management," Sustainability, MDPI, vol. 14(4), pages 1-18, February.
    20. Faraz Salehi & S. Mohammad J. Mirzapour Al-E-Hashem & S. Mohammad Moattar Husseini & S. Hassan Ghodsypour, 2023. "A bi-level multi-follower optimization model for R&D project portfolio: an application to a pharmaceutical holding company," Annals of Operations Research, Springer, vol. 323(1), pages 331-360, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jsusta:v:15:y:2022:i:1:p:491-:d:1017415. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.