组织内部员工信息安全胜任评价模型

运筹与管理 ›› 2014, Vol. 23 ›› Issue (1): 151-156.

组织内部员工信息安全胜任评价模型

柳玉鹏, 曲世友

哈尔滨工业大学(威海) 经济管理学院,山东威海 264209

收稿日期:2012-12-09 出版日期:2014-01-25
作者简介:柳玉鹏(1981-),男,山东龙口人,博士,讲师,主要研究方向为决策理论与方法、组织理论;曲世友(1969-),男,黑龙江哈尔滨人,博士,教授,博士生导师,主要研究方向为技术管理理论与方法、区域技术转移与扩散理论。
基金资助:
国家自然科学基金(71103048)教育部人文社科基金(12YJC630131)哈尔滨工业大学校基金(HIT(WH)X201102)山东省社会科学规划研究项目(12DGLJ13)

Information Security Competency Evaluation Model for Internal Staff

LIU Yu-peng, QU Shi-you

Economy and Management School of Harbin Institute of Technology, Weihai 264209, China

Received:2012-12-09 Online:2014-01-25

摘要/Abstract

摘要： 针对内部员工信息安全胜任评价这一重要问题,在分析内部信息攻击行为的特点及全面总结胜任特征相关研究成果的基础上,构建了内部员工信息安全胜任特征评价指标体系,在此基础上提出了组织内部员工信息安全胜任特征评价模型。模型基于安全风险防范思想,将评价环节分为两个环节,综合考虑了决策者制定决策偏好和候选员工的个性优势,更实际地反映了候选员工间的差别。最后通过案例分析验证了该评价模型的有效性和实用性。

关键词: 运筹学, 胜任评价模型, 多准则妥协解排序法, 信息安全, 个性优势, 组织内部员工

Abstract: In recent years, more and more evidence shows that the security of information systems and information management within the organization is a major security risk. Therefore, it is particularly urgent and important that internal staff shall be evaluated and a staff competenly information security responsibility is found to eliminate internal attack behaviours of employees and ensure the security of information systems and information management. Consequently information security competency evaluation for internal staff is an important issue. Under the analysis of the characteristics of the aggressive behavior from internal staff and a comprehensive summary of the competency research, internal staff information security competency evaluation index system is built. On this base, organization internal staff information security competency evaluation model is proposed. Based on safety and risk prevention thinking, the model divides the evaluation into two stages and takes into account the personality advantage of the decision makers in decision- making preferences and individuality advantage, which more realistically reflects the difference between the team members. Finally, the effectiveness and practicality of the evaluation model is verified through case analysis.

Key words: operations research, competency evaluation, VIKOR, information security, individuality advantage, internal staff

中图分类号:

F224

柳玉鹏, 曲世友. 组织内部员工信息安全胜任评价模型[J]. 运筹与管理, 2014, 23(1): 151-156.

LIU Yu-peng, QU Shi-you. Information Security Competency Evaluation Model for Internal Staff[J]. Operations Research and Management Science, 2014, 23(1): 151-156.

参考文献

[1] OuYang Y P, Shieh H M, Tzeng G H. A VIKOR technique based on DEMATEL and ANP for information security risk control assessment[J].Information Sciences,2011(Article in press).
[2] 应凌云,杨轶.软件动态分析与信息系统安全[J].中国科学院院刊,2011,26(3):310-315.
[3] 付钰,吴晓平,叶清.基于改进 FAHP-BN 的信息系统安全态势评估方法[J].通讯学报,2009,30(9):135-140.
[4] 阙喜戒,孙锐,龚向阳.信息安全原理及应用[M].北京:清华大学出版社,2003:1-50.
[5] Ebru Yeniman Yildirima, Gizem Akalpa, Serpil Aytacb, Nuran Bayramb.Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey[J].International Journal of Information Management, 2011, 31(4): 360-365.
[6] 林梦泉,王强民,陈秀真,李建华.基于粗糙集的网络信息系统安全评估模型研究[J].控制与决策,2007,22(8):951-955.
[7] 赵俊阁,张琪,付钰.贝叶斯网络推理在信息系统安全风险评估中的应用[J].海军工程大学学报,2007,19(6):67-70.
[8] Lo CC, Chen WJ. A hybrid information security risk assessment procedure considering interdependences between controls[J]. Expert Systems with Applications, 2012, 39(1): 247-257.
[9] 李文立,王小龙.组织内部员工的信息安全非胜任特征的评价指标与方法[A].陈国青,霍佳震.中国信息系统研究:新兴技术背景下的机遇与挑战[C].上海:同济大学出版社,2011.576-580.
[10] 贾建锋,赵希男,温馨.管理胜任特征的研究综述、评析与展望[J].预测,2010,29(3):74-80.
[11] McClelland, David C. Testing for competence rather than for intelligence[J]. American Psychologist, 1973, 28(1): 1-14.
[12] Boyatzis R E. The competent management: a model for effective performance[M]. New York: John Wliey, 1982. 1-20.
[13] Spencer L M, Spencer S M. Competence at Work: Models for Superior Performance[M]. John Willey & Sons, Inc., 1993.1-50.
[14] Keng Siau, Xin Tan, Hong Sheng. Important characteristics of software development team members: an empirical investigation using Repertory Grid[J]. Information system journal, 2010, 20(6): 563-580.
[15] 黄攸立,刘莜.国外工作场所负面人格特质研究评述[J].心理科学进展,2011,19(1):85-93.
[16] 姜昱汐,迟国泰,严丽俊.基于最大熵原理的线性组合赋权方法[J].运筹与管理,2011,20(1):53-59.
[17] 周荣喜,刘善存,邱菀华.熵在决策分析中的应用综述[J].控制与决策,2008,23(4):361-371.
[18] 贾建锋,赵希男,孙世敏.基于比较优势的组织绩效评价方法及实证研究[J].科研管理,2011,32(2):151-159.
[19] Opricovic S, Tzeng G H. Extended VIKOR method in comparison with outranking methods[J].European Journal of Operational Research, 2007, 178(2): 514-529.
[20] 李刚,迟国泰,程砚秋.基于熵权TOPSIS的人的全面发展评价模型及实证[J].系统工程学报,2011,26(3):400-407.