点击次数：

论文类型：会议论文

发表时间：2015-01-01

收录刊物：CPCI-S

页面范围：353-358

关键字：Compliance; Galois lattice; information security management; information security policy; two-mode network

摘要：Employees' noncompliance with the information security policy results in a large number of information security incidents in organizations. The information security managers need to understand and manage the noncompliance behaviors of employees. The representation and pattern of the information security noncompliance or compliance will help managers to gain insights on, and to counter effectively the threats originated from the employees. This study proposes a Compliance Galois Lattice Diagram (CGLD) for visually representing and analyzing the employees' compliance patterns. Six compliance patterns, namely, compliance outlier, compliance core and peripheral, compliance subgroup, compliance partition, multiple compliance containment and compliance equivalence, have been obtained from the CGLD. A comparative analysis of these patterns and the structural features identified from the network generated by the UCINET software reveals that fairly good consistency has been reached between them.