Internal Control of Information Sharing through user Security Behavioural Profiling
This paper presents a workable solution to address the human-related information security problem of improper sharing of information by insiders with outsiders or unauthorized insiders. This system differs from most currently available information security solutions as in that, instead of relying solely on technological security measures it adapts a mixture of social and technological solutions. The presented system monitors users’ security best practices and behavioural patterns and creates user security behavioural profiles and thus identifies users who might potentially pose threats to the organization’s information security. The system then determines and schedules the security education and training to be given to these users.