The presence of vulnerabilities in the system of organization personnel security ensuring, increases the probability of appearance and implementation of personnel threats, which entails the need for their identification and assessment. The article highlights the variety of organization personnel security vulnerabilities: personnel vulnerabilities (vulnerabilities of personal qualities and external environment) and organization vulnerabilities. As an evaluation tool of personal qualities vulnerabilities we propose to use a secure employee profile, which includes such characteristics as: employee knowledge and understanding of regulations and procedures of personnel security ensuring, professional, moral and psychological reliability, absence of various addictions, as well as an increased vulnerability to the external environment. This study is based on materials of an expert survey. The agreement among the experts verified using the Kendall’s W. The analysis resulted in a qualitative profile characteristic, comprising the description of the qualities, character traits, behavioral features of a secure employee.
organization personnel security, personnel security vulnerabilities, assessment of vulnerabilities, secure employee profile.
Статья подготовлена при поддержке Министерства образования и науки Российской Федерации в рамках выполнения НИР «Активизация ресурсного потенциала Прибайкальского региона как фактора его устойчивого социально-экономического развития» по государственному заданию № 2014/52 на выполнение работ в сфере научной деятельности в рамках базовой части проекта № 1841.
ВВЕДЕНИЕ
Решение проблем, связанных с оценкой и идентификацией кадровых уязвимостей, имеет большое теоретическое и практическое значение с точки зрения обеспечения безопасности бизнеса и управления персоналом, поскольку позволяет определить причины, источники кадровых угроз и разработать комплекс мер по их предотвращению. Термин «уязвимость» используется для обозначения недостатка в системе, наличие которого может нарушить ее целостность и вызвать неправильную работу [1]. Прилагательное «уязвимый» применяют для характеристики какого-либо объекта, который является плохо защищенным, имеет слабые места и недостатки [2, с. 847; 3, с. 755]. В теории безопасности под уязвимостью понимаются слабые звенья (недостатки) в системе обеспечения безопасности, наличие которых делает возможным реализацию угроз [4].
1. State Standard 53114-2008. Data protection. Ensuring information security in the organization. Basic terms and definitions. Moscow, Standartinform Publ., 2009. 20 p. (In Russian)
2. Ozhegov S.I., Shvedina N.Ju. Tolkovyj slovar’ russkogo jazyka: 80000 slov I frazeologicheskih vyrazhenij [Explanatory Dictionary of the Russian language: 80000 words and idiomatic expressions]. Moscow, Azbukovnik Publ., 1999. 944 p.
3. Lopatin V.V., Lopatina L.E. Russkij tolkovyj slovar’ [Russian Dictionary]. Moscow, Russkij jazyk Publ., 1997. 832 p.
4. Astahova L.V. The problem of evaluating the vulnerability of RK-protection object information. Vestnik UrFO. Bezopasnost’ v informacionnoj sfere [Journal of UrFO. Security in the field of information], 2011, I. 1, pp. 26-33. (in Russian)
5. Bojdalo M.K., Zhigulin G.P. The staff of the organization as a vulnerability in the system of information security: attacks and counter them. Nauchno-tehnicheskij vestnik Povolzh’ja [Scientific and technical journal of the Volga region], 2015, I. 3, pp. 89-91. (in Russian)
6. Astahova L.V., Zemljanskaja O.O. Methods of assessing the vulnerability of human organization of information security at the stage of receiving the employee to work. Vestnik UrFO. Bezopasnost’ v informacionnoj sfere [Journal of UrFO. Security in the field of information], 2013, I. 1(7), pp. 53-59. (in Russian)
7. Denisov V.V. Analysis of the data protection in information systems. Novosibirsk, NGTU Publ., 2012. 52 p.
8. Shemyakov A.O. The reasons of increase of vulnerability and decrease in firmness of functions of safety of the automated systems of higher education institution. Doklady Tomskogo gosudarstvennogo universiteta system upravlenija I radiojelektroniki [Reports of the Tomsk State University of Control Systems and Radio Electronics], 2013, I. 1 (27), pp. 80-82. (in Russian)
9. Ozernikova T.G., Kuznetsova N.V. Development of internal corporate social responsibility in Russian companies. Sociologicheskie issledovanija [Sociological studies], 2015, I. 6, pp. 23-34. (in Russian)
10. Shipilov A.I., Shipilova O.A. How to ensure the reliability of the staff? Upravlenie personalom [Personnel Management], 2002, I. 8. pp. 23-27. (in Russian)
11. Adekola B. The Impact of Organizational Commitment on Job Satisfaction: A Study of Employees at Nigerian Universities. International Journal of Human Resource Studies, 2012, I. 2, pp. 1-17.
12. Campbell J.-L., Göritz A. Culture Corrupts! A Qualitative Study of Organizational Culture in Corrupt Organizations. Journal of Business Ethics, 2014, vol. 120, I. 3, pp. 291-311.
13. Alaverdov A.R. Management personnel security organizations. Moscow, Market DS Publ., 2010. 176 p.
14. Ustin P.N. Opportunities to overcome the destructive tendencies in human behavior. Uchenye zapiski Kazanskogo gosudarstvennogo universiteta [Scientific notes of the Kazan State University], 2007, vol. 149, I. 1, pp. 197-208. (in Russian)
15. AntonjanJu. M. Personality of the offender. Kriminologo-psychological research. Moscow, Norma, Infra-M Publ., 2010. 368 p.
16. Zerkalov D.V. Razvedka: hrestomatija, kn. 1 [Exploration: Anthology, Vol. 1]. Kiev, Nauk. Mir Publ., 2008. 190 p.
17. Tulup’eva T.V., Tulup’ev A.L., Pashhenko A.E., Azarov A.A., Stepashkin M.V. Social and psychological factors that influence the vulnerability of users of information systems, in terms of socio-engineering attacks. Trudy Sankt-Peterburgskogo institute informatiki I avtomatizacii Rossijskoj akademii nauk [Journal of the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences], 2010, I. 1(12), pp. 200-214. (in Russian)
18. Korolev M.I. Economic security firms: theory, practice, strategy selection. Moscow, Jekonomika Publ., 2011. 284 p.
19. Kuznetsova N.V. Personnel security organization: the concept and mechanism to ensure. Irkutsk, Baikal State University of Economics and Law Publ., 2013. 288 p.