KR102134254B1 - Method and electronic device for estimating confidential information leakage - Google Patents

Abstract

The present invention relates to a method and electronic device for estimating a leakage of confidential information. The method performed by the electronic device for estimating a leakage of confidential information through generation of a confidential information leakage possibility index for an organization member or an event according to one embodiment of the present invention comprises: a setting step of setting weights and grades of a plurality of first classification items for the organization member or weights and grades of a plurality of second classification items for the event; and a calculation step of calculating a confidential information leakage possibility index for the organization member or the event based on the weight and grade of each set classification item. The event includes a file transfer operation through a network or a file export operation to another storage medium.

Description

Method and electronic device for estimating confidential information leakage}

The present invention relates to a method and an electronic device for estimating confidential leaks, and more specifically, to more easily audit the organization's confidential leak detection control task by indexing and presenting the possibility of leakage of the confidentiality of the organization in an IT (Information Technology) environment It relates to a method and an electronic device enabling selection of a candidate.

Conventional confidential leak prevention technology (hereinafter referred to as “prior art”) can detect confidential leak behavior by examining whether various predefined information patterns are leaked from the organization to the outside. In particular, the prior art may perform an allow or block function set according to a security management policy for confidential export, and perform a function of logging it as a log. Further, the prior art also provides a function of encryption and access control that encrypts transmission information but receives and decrypts the information only at an authorized destination.

However, in the case of such a conventional technology, only a log according to whether or not information is blocked or allowed is provided, and the possibility of confidential leakage of the organization is not specifically indexed and provided. In other words, the prior art has a limitation in that it is not possible to provide data that can serve as a basis for the identification of members of the organization or candidates to be audited for the task in the management of confidential leak detection and control of the organization.

In order to solve the problems of the prior art as described above, the present invention is a candidate for easier auditing in the confidentiality detection control of the organization by presenting by indexing and suggesting the possibility of leakage of the confidentiality of the organization in the information technology (IT) environment It is an object of the present invention to provide a method and an electronic device for estimating confidential leaks that enable selection.

However, the problem to be solved by the present invention is not limited to the above-mentioned problems, and other problems not mentioned can be clearly understood by those having ordinary knowledge in the technical field to which the present invention belongs from the following description. There will be.

A method for estimating confidential leakage according to an embodiment of the present invention for solving the above problems is performed by an electronic device, and is a method for estimating confidential leakage through generation of a confidential leakage probability indicator for an organization member or an event, ( 1) A setting step of setting the weight and rating of a plurality of first classification items for an organization member or a plurality of second classification items for an event, and (2) for an organization member or event based on the specific gravity and rating of each classification item. And a calculation step for calculating an indicator of the likelihood of a leak.

The event may include a file transfer operation over a network or a file export operation to another storage medium.

The method for estimating confidential leakage according to an embodiment of the present invention may further include selecting an organization member or event of the corresponding indicator as an audit candidate when the calculated confidential leakage probability indicator deviates from the reference indicator.

The specific gravity of each classification item or the reference index may be set using a machine learning technique.

The first classification item may include a department, a position, a job, a working period, a time and attendance status, or a possibility to change jobs.

The setting step may include, in the first classification item, setting the attendance status or the possibility of turnover to a greater weight than the department, position, work, or working period, but setting the working period to the smallest weight.

In the setting step, in the first classification item, the higher the confidentiality of the handling information according to the department, position, or task of an organization member, the higher the rating for the first classification item of the department, position, or task, and the number of years of service The longer the class, the lower the class is set for the first category, and the more late, absent, overtime or holiday work within a certain period of time, the higher the class for the first category of time and attendance. can do.

The second classification item may include information confidentiality, information value, security measures, information destination, information transmission location, information transmission time, occurrence frequency of this member, or occurrence frequency of other members.

In the setting step, in the second category, information value, security measures, or destinations of information are set to a specific gravity less than information confidentiality, information transmission place, time of information transmission, frequency of occurrence of this member, or frequency of occurrence of other members. It may include setting the largest specific gravity.

In the second classification item, the higher the information confidentiality, information value, or security measure, the higher the rating for the second classification item in the second classification item, and the second or more information destination or information transmission place is an unspecified destination or place. Setting a higher grade for the category, setting a higher grade for the second category when the information transmission time is outside of business hours, and setting a lower grade for other members of the organization can do.

The calculating step may include calculating individual classification scores for each classification item set by using [Equation 1] and [Equation 2] below, and then deriving a confidentiality leak probability index using the sum of the individual classification points. Can.

[Equation 1]

(However, i is a natural number, G _i is the i-th classification item, W _i is the specific gravity of the i-th classification item, W _S is the sum of the highest class of each classification item, and C is a constant)

[Equation 2]

(However, S _i is the individual classification score of the i-th classification item, R _i is the set grade of the i-th classification item)

An electronic device according to an embodiment of the present invention is an electronic device that estimates a confidential leak through the generation of a confidential leak probability indicator for an organization member or event, (1) a plurality of first classification items or events for an organization member It includes an input unit for setting the specific gravity and rating of the two second classification items, and (2) a control unit for controlling to calculate an indicator of the likelihood of leakage of confidentiality for members or events based on the specific gravity and rating of each classification item.

The event may include a file transfer operation over a network or a file export operation to another storage medium.

The control unit may set the specific gravity or the reference index of each classification item using a machine learning technique.

When the calculated confidentiality leak probability indicator deviates from the standard indicator, the control unit may select an organization member or event of the indicator as a candidate for audit.

The specific gravity of each classification item or the reference index may be set using a machine learning technique.

The first classification item may include a department, a position, a job, a working period, a time and attendance status, or a possibility to change jobs.

In the first classification item, the control unit may set the attendance status or the possibility of turnover to a weight greater than a department, position, work or work period, but may set the work period to the smallest weight.

In the first classification item, the control unit sets a higher grade for the first classification item of the department, position, or task as the handling information according to the department, position, or task of the organization member increases. The lower grade is set for the first category of work period, and the higher the number of late, absent, overtime, or holiday work within a certain latest period, the higher the grade for the first category of attendance.

The second classification item may include information confidentiality, information value, security measures, information destination, information transmission location, information transmission time, occurrence frequency of this member, or occurrence frequency of other members.

In the second category, the control unit sets the information value, security measure, or destination of the information to a specific gravity smaller than information confidentiality, information transmission location, information transmission time, occurrence frequency of this member, or occurrence frequency of other members. Can be set to a large specific gravity.

In the second classification item, the greater the information confidentiality, information value, or security measure, the higher the rating for the second classification item, and the second classification as the information destination or information transmission place is an unspecified destination or place. The higher the class is set for the item, the lower the class is set for the second classification item when the information transmission time is outside of business hours, and the lower the class is for the frequency of occurrence of this member or the occurrence of other members. Can be set.

The control unit may calculate individual classification scores for each classification item set using [Equation 1] and [Equation 2] below, and then derive a confidential leak probability index using the sum of the individual classification points.

[Equation 1]

(However, i is a natural number, G _i is the i-th classification item, W _i is the specific gravity of the i-th classification item, W _S is the sum of the highest class of each classification item, and C is a constant)

[Equation 2]

(However, S _i is the individual classification score of the i-th classification item, R _i is the set grade of the i-th classification item)

The present invention configured as described above has an advantage of making it possible to more easily select candidates for auditing in the control and management of confidential leak detection of an organization by indexing and presenting the possibility of leaking of the confidentiality of the organization in the IT environment.

That is, the present invention provides a method for calculating an indicator for selecting an organization member or event that can be estimated to have a high probability of leaking confidentiality, thereby solving the difficulty of selecting candidates to be audited, so that the confidentiality leakage audit activity is actually confidential. It allows you to focus on the members or events that are most likely to leak.

In addition, the present invention applies the machine learning technique to reflect the calculated leak probability indicator and the audit results for previously conducted confidential leaks (conventional audit results), thereby establishing the criteria for the leak probability indicator for selecting candidates for audit. Through this, each classification item for calculating the confidentiality leak probability indicator can be modified to suit the corresponding organization, and has an advantage that it can be applied to better reflect the actual leakage probability.

The effects obtainable in the present invention are not limited to the above-mentioned effects, and other effects not mentioned can be clearly understood by those skilled in the art from the following description. will be.

1 is a block diagram of an electronic device 100 according to an embodiment of the present invention.
2 is a flowchart of a method for estimating confidential leakage according to an embodiment of the present invention.

The above objects and means of the present invention and the effects thereof will be more apparent through the following detailed description in connection with the accompanying drawings, and accordingly, those skilled in the art to which the present invention pertains will facilitate the technical spirit of the present invention. Will be able to practice. In addition, in the description of the present invention, when it is determined that the detailed description of the known technology related to the present invention may unnecessarily obscure the subject matter of the present invention, the detailed description will be omitted.

The terminology used herein is for describing the embodiments, and is not intended to limit the present invention. In the present specification, the singular form also includes the plural form in some cases unless otherwise specified in the phrase. In this specification, terms such as “include”, “have”, “have” or “have” do not exclude the presence or addition of one or more other components other than the components mentioned.

In this specification, terms such as “or” and “at least one” may refer to one of the words listed together, or a combination of two or more. For example, “or at least one of B” and “B” may include only one of A or B, and may include both A and B.

In this specification, descriptions following “for example,” etc. may not accurately match the information presented, such as the cited characteristics, variables, or values, and tolerances, measurement errors, limits of measurement accuracy, and other factors commonly known. It should not limit the embodiment of the invention according to various embodiments of the present invention with effects such as modifications.

In this specification, when a component is described as being'connected' or'connected' to another component, it may be directly connected to or connected to the other component, but other components may exist in the middle. It should be understood that it may. On the other hand, when a component is said to be'directly connected' or'directly connected' to another component, it should be understood that no other component exists in the middle.

In the present specification, when a component is described as being'on' or'in contact with' another component, another component may be directly in contact with or connected to the other component, but another component may exist in the middle. It should be understood that it can. On the other hand, when a component is described as being'directly on' or'directly on' another component, it can be understood that another component is not present in the middle. Other expressions describing the relationship between the components, for example,'between' and'directly between' can also be interpreted.

In this specification, terms such as'first' and'second' may be used to describe various components, but the corresponding components should not be limited by the above terms. In addition, the above terms should not be interpreted to limit the order of each component, but may be used for the purpose of distinguishing one component from another component. For example,'first component' may be referred to as'second component', and similarly'second component' may also be referred to as'first component'.

Unless otherwise defined, all terms used in this specification may be used in a sense that can be commonly understood by those skilled in the art to which the present invention pertains. In addition, terms that are defined in a commonly used dictionary are not ideally or excessively interpreted unless specifically defined.

Hereinafter, exemplary embodiments of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of an electronic device 100 according to an embodiment of the present invention.

The electronic device 100 (hereinafter referred to as “the present electronic device”) according to an embodiment of the present invention is an “organization member” belonging to an organization (eg, a company, etc.) or an “event” performed by the organization member It is possible to estimate whether or not the organization's confidentiality is leaked. In particular, the electronic device 100 may present a possibility of whether or not the confidential leak of the organization is generated by generating an index calculated in the form of a score called'confidential leak probability indicator'. That is, it is possible to estimate whether or not the organization's confidentiality is leaked. In particular, the electronic device 100 may select an audit target candidate related to the confidential leak using a confidential leak probability indicator, or provide the indicator to the management department of the organization to enable the management department to select the candidate to be audited. have. That is, the electronic device 100 can contribute to the easier selection of an audit target when managing confidential leak detection in the organization.

For example, the electronic device 100 includes a desktop personal computer (PC), a laptop personal computer (PC), a tablet personal computer (PC), a netbook computer, a workstation, and a personal digital assistant (PDA). digital assistant), a smart phone, a smart pad, or a mobile phone, but is not limited thereto.

In the present invention,'confidential' may refer to information that is permitted only to specific departments, positions, tasks, or members of the organization, and is not allowed. Also,'leakage' may refer to a case in which the confidentiality is abnormally transmitted or exported. At this time, the information may refer to a physical file (document) as well as an electronic file (for example, a computer file).

The transmission form of information including confidentiality may be an'online transmission form' through a network, and the'offline export' of storing to another storage medium (ie, a storage medium other than the storage unit 120 in the present storage device 100) Form. The form of online transmission may be shortened to be referred to as'transmission', and the form of offline export may be shortened to be referred to as'exporting', but these two terms may be mixed or used interchangeably.

For example, the online transmission type may include email transmission, web transmission, cloud transmission, chat transmission, or peer to peer (P2P) transmission, and the offline export format may be exported to a portable memory, an external hard disk, or a CD. /Export to DVD, or export to memory of other electronic devices, but is not limited thereto. In this case, the portable memory may include a universal serial bus (USB) memory, a secure digital (SD) card, a mini SD card, or a micro SD card, and the memory of other electronic devices is a USB port of the electronic device 100 It may be internal or external memory of other electronic devices such as a tablet personal computer (PDA), a personal digital assistant (PDA), a smartphone, a smartpad, or a mobile phone connected through a computer, etc. However, it is not limited thereto.

The management department of the organization can manage confidentiality through the electronic device 100. At this time, a classification system can be established by classifying the confidentiality according to the degree of confidentiality, and this can be used to select candidates for audit related to confidentiality leakage. Can. At this time, the current and former members of the organization may be candidates for audit, and events that are individual actions by the members, that is, each action in the form of online transmission or offline transmission may be candidates for audit.

Specifically, as illustrated in FIG. 1, the electronic device 100 may include an input unit 110, a storage unit 120, a communication unit 130, a display unit 140, a control unit 150, and the like. .

The input unit 110 is configured to receive various information. That is, the input unit 110 generates input data in response to a user input. The input unit 110 may include at least one input means. In particular, the input unit 110 may receive a selection of a plurality of classification items, a setting of weight and rating of each selected classification item, and the like from an administrator belonging to the management department of the organization. For example, the input unit 110 may be a keyboard, a key pad, a dome switch, a touch panel, a touch key, a mouse, or a menu button (menu button), and the like, but is not limited thereto.

The storage unit 120 is configured to store various types of information. That is, the storage unit 120 may store various information, software, etc. required for the operation of the electronic device 100. In particular, the storage unit 120 may store an organization member, a classification item, selection information for a plurality of classification items, setting information for a specific gravity and rating of each selected classification item, information for calculating a confidentiality leak probability indicator, and the like. For example, the storage unit 120 may have a hard disk type, a magnetic media type, a compact disc read only memory (CD-ROM), or an optical recording medium type according to its type. type), Magneto-optical media type, Multimedia card micro type, Flash memory type, ROM type (read only memory type), or RAM type ( random access memory type), but is not limited thereto. Further, the storage unit 120 may be a cache, a buffer, a main memory, or an auxiliary memory or a separately provided storage system according to its use/location, but is not limited thereto.

The communication unit 130 is a component that performs communication with the server 20 and the like. In this case, the communication unit 130 may include wired/wireless communication modules of various communication methods. Particularly, the communication unit 130 may receive a selection of a plurality of classification items, a setting for the weight and rating of each selected classification item, etc. from other terminals or servers, such as an administrator belonging to the management department of the organization. For example, the communication unit 130 may include 5th generation communication (5G), long term evolution-advanced (LTE-A), long term evolution (LTE), Bluetooth, Bluetooth low energe (BLE), or near field communication (NFC). It is possible to perform wireless communication, such as wired communication, such as cable communication, but is not limited thereto.

The display unit 140 is a component that displays display data according to the operation of the electronic device 100. For example, the display unit 140 includes a liquid crystal display (LCD), a light emitting diode (LED) display, an organic LED (OLED) display, a microelectromechanical system (MEMS; micro) electro mechanical systems), or electronic paper displays, but is not limited thereto. Also, the display unit 140 may be combined with the input unit 110 and implemented as a touch screen.

The control unit 150 is a component for controlling the input unit 110, the storage unit 120, the communication unit 130, the display unit 140, etc. In particular, the control unit 150 controls the performance of the confidentiality estimation method to be described later. That is, the control unit 150 may control the function of estimating the confidential leak by generating the confidential leak probability indicator, which may be performed through software (program) installed in the storage unit 120. For example, the controller 150 may be a processor, such as a CUP, or software (program) performed on the processor, but is not limited thereto.

Hereinafter, a method for estimating confidential leakage according to an embodiment of the present invention will be described.

2 is a flowchart of a method for estimating confidential leakage according to an embodiment of the present invention.

The method for estimating confidential leakage according to an embodiment of the present invention (hereinafter referred to as “this method”) may include S100 to S400, as illustrated in FIG. 2, but S400 is not an essential configuration and is selectively performed It may be.

That is, S100 is a step of selecting a plurality of classification items, and S200 is a step of setting a specific gravity and rating for each classification item selected in S100. However, the selection information according to S100 or the setting information according to S200 is input through the input unit 110 from the administrator (hereinafter referred to as “first example”) or received through the communication unit 130 (hereinafter “second example”). In addition, the controller 150 may optionally select (hereinafter, referred to as a “third example”) to apply a machine learning technique, which will be described later. However, an active expression or a passive expression for S100 or S200 in the following description or the claims may mean that at least one of the operations of the first to third examples is included. However, even if the operation of the third example is performed, it may be preferable that the selection information according to the first S100 or the setting information according to the S200 is selected and set according to the operation of the first example or the second example.

In addition, S300 is a step of calculating the confidentiality leak probability indicator for an organization member or event based on the weight and grade of each classification item set in S200. In addition, S400 is a step of selecting an organizational member or event of the indicator as a candidate to be audited when the confidential leak probability indicator calculated in S300 deviates from the standard indicator.

The performance of S100 to S400 may be controlled by the controller 150 of the electronic device 100. At this time, the controller 150 may control the performance of S100 to S400 by using dedicated software (program) installed in the electronic device 100.

Hereinafter, a process of performing S100 to S400 will be described in more detail.

That is, in order to generate a confidential leak probability indicator for an organization member, a plurality of first classification items may be selected in S100. Likewise, in order to generate a confidential leak probability indicator for an event, a plurality of second classification items may be selected in S200. Of course, in order to generate a confidential leak probability indicator for members and events, a plurality of first classification items and a plurality of second classification items may be selected together in S100. In this case, the confidential leak probability indicator for the organization member and the confidential leak probability indicator for the event may be generated, but is not limited thereto, and one confidential leak probability indicator for the organization member and the event may be generated.

The first classification item is divided according to the classification system for members, and the second classification item is divided by the classification system for members. That is, the first classification item is an item for classifying an organization member in more detail, and the second classification item is an item for classifying an event in more detail.

When a plurality of first classification items or second classification items are selected in S100, the specific gravity and rating of each classification item are set in S200. At this time, the specific gravity refers to the degree of importance (score) of the category, compared to other selected categories, and the grade refers to the degree (score) applied to the member or event in the category. At this time, the specific gravity and grade may be set as a number (score), and the larger the specific gravity and grade, the higher the number (score) may be set. In particular, for ease of setting, all of the selected classification categories can be set within the same range. For example, the grade of each selected category can be set in the range of 1 to 10. However, when a specific classification item is selected in S100, but the classification item is not related to the member or the event, or the setting of the class is difficult or ambiguous, in S200, the class is unspecified and the value outside the range (for example, Value, such as 0).

Meanwhile, the specific gravity may be set by dividing the first classification item and the second classification item. That is, the specific gravity for any one selected first classification item may be determined according to the degree of importance of the selected plurality of first classification items, and the specific gravity for any one selected second classification item may be determined by the selected second classification. It may be determined according to the degree of importance among items, but is not limited thereto.

After selecting a plurality of classification items according to S100 and S200 and setting specific gravity and rating for each selected classification item, in S300, individual classification scores for each classification item using [Equation 1] and [Equation 2] below May be calculated, and then, in S300, the confidentiality probability indicator may be derived using the sum of the calculated individual classification scores.

[식1]

[Equation 1]

In [Equation 1], i is a natural number, G _i is the i-th classification item, W _i is the specific gravity of the i-th classification item, W _S is the sum for the highest grade of each classification item, and C is a constant.

[식2]

[Equation 2]

In [Equation 2], S _i is an individual classification score of the i-th classification item, and R _i represents a set grade of the i-th classification item.

Subsequently, in S400, when the confidentiality leak probability indicator calculated in S300 deviates from the standard indicator, an organization member of the indicator may be selected as a candidate for audit. In this case, the reference indicator may be a specific value for the confidentiality leak indicator.

For example, the reference indicator can be set using a machine learning technique. That is, a learning model is generated by learning a plurality of learning data according to a machine learning technique, and a reference index can be obtained using the generated learning model. At this time, each learning data has a data pair of an input value and an output value, and the value of the confidential leak probability indicator may correspond to the input value, and whether or not the member or event of the confidential leak probability indicator corresponds to the actual confidential leak (Reflecting the previous audit result) may correspond to the output value.

Of course, the learning model can also estimate (classify) whether or not to leak confidential information on the newly calculated confidential leak indicator. At this time, the efficiency of the audit can be further increased by selecting the relevant organization members or events of the confidential leak possibility index estimated to be the confidential leak as candidates for audit.

That is, according to the present invention, by applying the machine learning technique by reflecting the calculated leak probability indicator and the audit result for the previously performed confidential leak (conventional audit result), the criteria of the leak probability indicator for selecting candidates for audit are established. Can. Through this, each classification item for calculating the confidentiality leak probability indicator can be modified to suit the organization and applied to better reflect the actual leakage probability.

In addition, when applying the machine learning technique, it is possible to select a combination that can further estimate the confidentiality leakage by learning by using the learning data of various combinations that control each classification item and its weight, and accordingly the effective confidentiality probability indicator Can be created.

In this case, in S100 and S200, the classification items of specific combinations and their weights are set as input values, and whether the members or events of the combinations correspond to actual confidential leaks (reflecting the previous audit results) as the result values The data pair can generate learning data. Subsequently, if the performance (for example, Precision, Recall, or Accuracy, etc.) of the training model trained using the training data is higher than the standard, a classification item corresponding to a specific combination of learning data used for training the training model Fields and their specific gravity may be used in calculating the confidentiality leakage probability indicator of a corresponding member or event in the future, or a guide for using the combination may be displayed on the display unit 140. Of course, when the performance of the learning model is less than the standard, the above-described process may be performed by setting the classification items and specific gravity of other specific combinations. This process can be repeated until a learning model having a performance exceeding a standard is derived.

To summarize the application of the machine learning miracle described above, the standard indicator for the confidentiality leak probability indicator or the appropriate specific gravity value of each classification item may be set using a machine learning technique.

For example, the machine learning technique is a supervised learning technique, Artificial neural network, Boosting, Bayesian statistics, Decision tree, Gaussian process regression, Nearest neighbor algorithm, Support vector machine, Random forests, Symbolic machine learning, Ensembles of classifiers, or deep learning techniques, but are not limited thereto.

Hereinafter, an example of generating a confidential leak probability indicator for an organization member and an example of generating a confidential leak probability indicator for an event will be described.

<Example of creation of confidentiality indicators for members of the organization>

For example, in order to generate an indicator of the likelihood of leakage of confidentiality to members of the organization, the first classified items that can be selected in S100 are [Department], [Job], [Task], [Working Period], [T&A Status], [ Possibility to change], or [other content], but is not limited thereto.

The first category of [Department] is an item that evaluates the degree of confidentiality according to the handling information of the department to which an organization member belongs in the organization. That is, it reflects the tendency that the confidentiality of handling information must be different depending on the department. Therefore, the higher the rating (score) can be set as the department of the organization member handles information requiring higher confidentiality. For example, when [Department] is selected in S100, the grade is set within the range of 1 to 10 in S200, but the higher the confidentiality of the handling information of the department to which the organization belongs belongs, the closer to 10 can be set. . However, if it is not specified, 0 may be set for the [Department].

The first category of [Position] is an item that evaluates the degree of position, such as general manager, team leader, team member, etc., given by members of the organization. In other words, the higher the position of an organizational member, the higher the level of information access and decision-making, etc., reflecting the tendency to handle higher levels of confidentiality. Therefore, the higher the position of the organization member, the higher the rating (score) can be set. For example, when [Job] is selected in S100, the grade is set in the range of 1 to 10 in S200, but the higher the job title of the member, the closer it can be set to 10. However, if it is not specified, 0 may be set for the rank of [Job].

The first category of [Task] is an item that evaluates the degree of confidentiality of handling information according to tasks assigned to members of the organization. That is, it reflects the tendency that the confidentiality of handling information must be different depending on the job. Therefore, the higher the rating (score) can be set, the higher the confidentiality of the work of the organization member is. For example, when [Task] is selected in S100, the class is set in the range of 1 to 10 in S200, but the higher the confidentiality of the handling information of the task assigned to the organization member is required, the closer to 10 can be set. . However, if not specified, 0 may be set for the class of [task].

The first category of [Work Period] is an item that evaluates the degree of loyalty to an organization according to the employee's working period. In other words, the longer the longevity, the higher the loyalty of the members to the organization, which reflects the tendency for the confidentiality to leak. Therefore, the longer the longevity of a member of the organization, the lower the grade (score) can be set. For example, when [work period] is selected in S100, the grade is set in the range of 1 to 10 in S200, but may be set closer to 1 as the longevity is longer. However, if not specified, 0 may be set for the grade of [work period].

The first category of [T&A Status] is an item that evaluates the status of T&A within a certain latest period (for example, the last month, etc.) of an organization member. In other words, during the latest period, the worse the T&A indicator, which is a combination of poor indicators such as late and absenteeism, and overtime indicators such as overtime and holiday work, that is, the more the number of times or the total score according to the number of times scored The larger the item, the more likely it is to reflect confidentiality leaks. Therefore, the worse the T&A status, the lower the rating (score) can be set. For example, when [T&A Status] is selected in S100, the grade is set in the range of 1 to 10 in S200, but the worse the T&A indicator, the closer it can be set to 10. However, if it is not specified, 0 may be set as the grade of [T&A Status].

The first classification item in [Possibility of Turnover] is the item that the head of the department of the member or the head of the senior department observes and evaluates the member. In other words, the higher the likelihood of a job change, the higher the likelihood of a confidential leak. Therefore, the higher the likelihood of a job change due to a suspicious behavior, etc., as a result of observation of a member of the organization by a department head of the organization member or a senior manager of the higher level periodically, a higher grade (score) may be established. For example, when [Relocation possibility] is selected in S100, the grade may be set in the range of 1 to 10 in S200, and the higher the possibility of relocation, the closer it is to 10. However, if it is not specified, 0 may be set for the grade of [Possibility of Turnover].

The first category of [Other Contents] is the items that can be added in addition to [Department], [Position], [Business], [Working Period], [T&A Status] and [Possibility of Turning]. This section is about information that may be important for estimating confidential leaks. For example, when [Other Contents] is selected in S100, the grade is set in the range of 1 to 10 in S200, but the greater the importance of confidentiality, the closer it can be set to 10. However, if not specified, 0 may be set for the rating of [In-flight Content].

On the other hand, in S200, when setting the weight for [Department], [Position], [Task], [Working Period], [T&A Status], [Possibility of Turnover], or [Other Contents], [T&A Status] or [Turnover] Possibility] may be set to a specific gravity greater than [Department], [Position], [Task], or [Working Period], but [Working Period] may be set to the smallest specific gravity. Alternatively, a guide for performing such a setting may be displayed on the display unit 140. That is, [T&A Status] and [Possibility of Turnover] are items that reflect the status of the latest organization members, and thus it may be desirable to occupy a larger weight than other first classification items. In addition, since confidentiality is often leaked by members of the organization with long service lives, it may be desirable that the [work period] occupies the smallest weight.

For example, in S200, [Department], [Position], and [Task] are relatively medium or higher (second highest), [Working Period] is relatively medium or lower (third highest), [T&A Status] and [Possibility of Turning Off] may be respectively set to a relatively high (first highest) specific gravity, or a guide for performing such setting may be displayed on the display 140.

The following [Table 1] is for each member of the organization, selected from S100, [Department], [Position], [Task], [Working Period], [T&A Status] and [Relocation Potential], each first category item (G _i ) And, it represents the value of specific gravity (W _i ) and rating (R _i ) for each first classification item (G _i ) set in S200.

NNo
((i) Category 1
(G _i ) importance
(W _i ) Rating
(R _i ) Reference One Department 10 10 R ₁ : Unspecified 0, minimum 1 to maximum 10 2 position 10 5 R ₂ : Unspecified 0, minimum 1 to maximum 10 3 task 10 5 R ₃ : Unspecified 0, minimum 1 to maximum 10 4 employment period 5 9 R ₄ : Unspecified 0, minimum 1 to maximum 10 5 T&A Status 10 0 R ₅ : Unspecified 0, minimum 1 to maximum 10 6 Possibility to change jobs 15 3 R ₆ : Unspecified 0, minimum 1 to maximum 10

[Table 2] below shows individual classification scores for each first classification item calculated in S300 and the likelihood of leakage, using the settings in [Table 1].

NNo
((i) Setting for the first category Calculated value Category 1
(G _i ) importance
(W _i ) Rating
(R _i )

Specific gravity indicator
(G _i )

Individual classification score
(S _i )

One Department 10 10 10/50 × 10 = 2 10 × 2 = 20 2 position 10 5 10/50 × 10 = 2 5 × 2 = 10 3 task 10 5 10/50 × 10 = 2 5 × 2 = 10 4 Longevity 5 9 5/50 × 10 = 1 9 × 1 = 9 5 T&A Status 10 0 - - 6 Possibility to change jobs 15 3 15/50 × 10 = 3 3 × 3 = 9 Sum 10 58
(Leakage potential indicator)

The contents of [Table 1] and [Table 2] are summarized as follows:-The first classification item selected in S100: The first classification item affecting the confidentiality leakage estimate for the member-The first classification item selected in S100 Number of = 6

-In S200, the number of first classified items (hereinafter referred to as “used first classified items”) that are not in the unspecified class = 5

-Maximum score (W _S ): The sum of the maximum ratings of all first category items used for which the rating is not 0 = 10 + 10 + 10 + 10 + 10 = 50

-Establishment of specific gravity for the first category of use: Compared with other first category of use, but given the weight value considering the maximum score (W _S ) (however, the sum of the specific gravity values of all the first category of use is maximum Score)

-Specific gravity index (G _i ) = set specific gravity (W _i ) / maximum score (W _S ) × constant (C) (for example, C may be 10, etc.)

-Individual classification score (S _i ) of each first category of use = set grade (R _i ) × specific gravity index (G _i ) = [20, 10, 10, 9, 9]

-Outflow probability indicator = sum of individual classification scores (S _i ) (however, the outflow potential indicator value can be unspecified 0, or a minimum of 1 to a maximum of 100) = 20 + 10 + 10 + 9 + 9 = 58

Through the above process, it is possible to derive the indicator of the likelihood of leakage for each member of the organization. However, the first classification items used to derive the first spill probability indicator of the first member may be different from the first classification items used for the second spill potential indicator of the second member.

Subsequently, in S400, when the confidentiality leak probability indicator calculated in S300 deviates from the standard indicator, an organization member of the indicator may be selected as a candidate for audit.

<Example of the generation of confidentiality indicators for events>

For example, in order to generate a confidential leak probability indicator for an event, the second classified items that can be selected in S100 include [Information confidentiality], [Information value], [Security measures], [Information receiver], [Information transmission] Place], [time of information transmission], [frequency of occurrence of this member], or [frequency of occurrence of other members], or [other content], but is not limited thereto.

The second category of [Information confidentiality] is an item for evaluating the degree of confidentiality of the target information of the event. That is, it is an item reflecting the tendency that the degree of confidentiality of the target information is different for each event. Therefore, the higher the rating (score) can be set, the higher the confidentiality of the target information of the event is. For example, when [information confidentiality] is selected in S100, the class is set in the range of 1 to 10 in S200, but the higher the target information of the event is, the more confidential information is required. . However, if it is not specified, the level of [Information confidentiality] may be set to 0.

The second category of [information value] is an item that evaluates the degree of value of the target information of the event. At this time, the value may be not only a monetary value, but also a value due to damages caused by punishment (fines, fines, or imprisonment) that may occur when the law is not observed, such as the Personal Information Protection Act. In this case, it can be said that the greater the corresponding punishment, the greater the value of the target information of the event. That is, it reflects the tendency that the degree of value of the target information is different for each event. Accordingly, a higher level (score) may be set as the target information of the event has higher value. For example, when [information value] is selected in S100, the rating is set in the range of 1 to 10 in S200, but the closer the target information of the event is the information having a higher value, the closer it is to 10. However, if it is not specified, 0 may be set for the rating of [Information Value].

The second category of [Security Measures] is to evaluate the degree of security measures prepared for the target information of the event. At this time, the security measure may be a means that makes it difficult to transmit or export the target information or a means that makes it difficult to actually use the target information even if the target information is transmitted or exported. For example, the security measures may include encryption application, access control application, and the like, but are not limited thereto. That is, it reflects the tendency that the degree of security measures for the target information is different for each event. Therefore, the higher the level of security measures for the target information of the event, the higher the rating (score) can be set. For example, when [security measures] is selected in S100, the grade is set within the range of 1 to 10 in S200, but the higher the level of security measures for the target information of the event, the closer it can be set to 10. . However, if it is not specified, the level of [security measures] may be set to 0.

The second classification item of [Destination Destination] is an item for evaluating the type of object for receiving the object information of the event. That is, it is an item reflecting the tendency that the type of the destination of the target information is different for each event. For example, the destination may be internal, external, cooperative organization, customer, competitor, etc. of the organization, but is not limited thereto. Therefore, the lower the rating (score) can be set as the destination of the event is a designated destination such as inside the organization. Conversely, the higher the rating (score) can be set as the destination of the event is a destination other than designated, such as outside the organization or a competitor. For example, when [information destination] is selected in S100, the grade is set within the range of 1 to 10 in S200, but as events are received at destinations other than designated, it may be set closer to 10. However, if it is not specified, 0 may be set as the rating of [destination destination].

The second classification item of [Information transmission place] is an item for evaluating the type of the place for transmitting or exporting the target information of the event. That is, it is an item reflecting the tendency that the type of the target information transmission place is different for each event. For example, the transmission location may be internal, external, specific point, home, or public location of the organization, but is not limited thereto. Therefore, the lower the grade (score) can be set, the more the designated location is the location where the event is transmitted, such as inside the organization. Conversely, the higher the rating (score) can be set, the more the place where the event is sent is outside the organization, such as outside the organization. For example, when [information transmission place] is selected in S100, the grade is set within the range of 1 to 10 in S200, but may be set closer to 10 as an event is transmitted to a transmission place other than designated. However, if it is not specified, 0 may be set as the rating of [location of information transmission].

The second classification item of [time of information transmission] is an item for evaluating the time for transmitting or exporting the target information of the event. That is, the transmission time of the target information must be different for each event, and the transmission time is outside of working hours, which reflects the tendency of confidential leakage. For example, the transmission time may be working hours, non-working hours, holidays, vacations, etc., but is not limited thereto. Accordingly, a lower grade (score) may be set as the transmission time of the event is a designated time such as a working time. Conversely, a higher grade (score) may be set as the transmission time of the event is a non-designated time, such as non-working time, holiday, or vacation. For example, when [information transmission time] is selected in S100, the class is set within the range of 1 to 10 in S200, but may be set as close to 10 as the event is transmitted outside the designated time. However, if not specified, 0 may be set for the rating of [Information transmission time].

The second classification item of [the occurrence frequency of this member] is an item for evaluating the extent to which this member repeatedly generates the corresponding event. In other words, the more likely it is that a specific organizational member repeatedly generates a specific event, the more likely it is to leak confidential information. Therefore, the higher the rating (score) can be set as the corresponding event is repeated by the member. For example, when [the frequency of occurrence of the present member] is selected in S100, the grade is set within the range of 1 to 10 in S200, but may be set closer to 10 as the event is repeated. However, if it is not specified, the grade of [the frequency of occurrence of this member] may be set to 0.

The second category of [Occurrence frequency of other members] is an item that evaluates the degree to which the event occurred by one or more other members of the organization. In other words, the more likely to be a confidential leak, the more likely it is if multiple members of the organization generate a specific event. Therefore, the higher the number of corresponding events by other members of the organization, the lower the rating (score) can be set. For example, if [Occurrence frequency of other members] is selected in S100, the grade is set within the range of 1 to 10 in S200, and the more the number of occurrences of other members of the event, the more the number of occurrences can be set. have. However, if it is not specified, 0 may be set as the grade of [the frequency of occurrence of other members].

The second category of [Other Contents] includes [Information Confidentiality], [Information Value], [Security Measures], [Information Destination], [Information Transmission Location], [Information Transmission Time], and [Frequency of occurrence of this member] ] And [the frequency of occurrence of other members of the organization], and items that can be added to important information for estimating confidential leaks related to events. For example, when [Other Contents] is selected in S100, the grade is set in the range of 1 to 10 in S200, but the greater the importance of confidentiality, the closer it can be set to 10. However, if not specified, 0 may be set for the rating of [In-flight Content].

On the other hand, in S200, [information confidentiality], [information value], [security measures], [information destination], [information transmission location], [information transmission time], [frequency of occurrence of this member], [occurrence of other members] When setting the weight for [Frequency] or [Other Contents], [Information Value], [Security Measures], or [Destination of Information] is [Information Confidentiality], [Information Transmission Location], [Time of Information Transmission], Frequency of occurrence] or less than [frequency of occurrence of other members], but [information confidentiality] may be set as the highest. Alternatively, a guide for performing such a setting may be displayed on the display unit 140. That is, [Information confidentiality], [Place of information transmission], [Time of information transmission], [Frequency of this member] and [Frequency of other members] are items that reflect the nature of the event related to confidentiality, so other second classification It may be desirable to occupy a greater specific gravity than the item. In particular, since [information confidentiality] is an item that reflects the direct nature of the target information of the event, it may be desirable to occupy the largest weight.

For example, in S200, [information confidentiality] is the most important (first highest) weight, [information value] is relatively medium or higher (third highest), and [security measures] is relatively medium. The proportion of the degree (4th highest), [Destination for information] is relatively less than the middle (5th highest), [Information transmission location], [Information transmission time], [Occurrence frequency of this member] and [Others] The frequency of occurrence of tissue members] may be respectively set to a relatively high (second highest) specific gravity, or a guide for performing such setting may be displayed on the display unit 140.

The following [Table 3] shows the [Information confidentiality], [Information value], [Security measures], [Information destination], [Information transmission location], [Information transmission time], and [This information] It represents the value of the weight (W _i) and rating (R _i) for each of the second classifier (G _i) and a respective second classification items are set in S200 (G _i) of incidence.

NNo
((i) Category 1
(G _i ) importance
(W _i ) Rating
(R _i ) Reference One Information confidentiality 20 7 R ₁ : Unspecified 0, minimum 1 to maximum 10 2 Information value 10 0 R ₂ : Unspecified 0, minimum 1 to maximum 10 3 Security measures 15 5 R ₃ : Unspecified 0, minimum 1 to maximum 10 4 Destination 10 8 R ₄ : Unspecified 0, minimum 1 to maximum 10 5 Information transmission place 5 One R ₅ : Unspecified 0, minimum 1 to maximum 10 6 When to send information 10 One R ₆ : Unspecified 0, minimum 1 to maximum 10 7 Frequency of occurrence of this member 5 0 R ₇ : Unspecified 0, minimum 1 to maximum 10 8 Frequency of occurrence of other members 5 0 R ₈ : Unspecified 0, minimum 1 to maximum 10

[Table 4] below shows the individual classification scores for each second classification item calculated in S300 and the likelihood of leakage, using the settings in [Table 3].

NNo
((i) Settings for the second category Calculated value Category 1
(G _i ) importance
(W _i ) Rating
(R _i )

Specific gravity indicator
(G _i )

Individual classification score
(S _i )

One Information confidentiality 20 7 20/50 × 10 = 4 7 × 4 = 28 2 Information value 10 0 - - 3 Security measures 5 5 5/50 × 10 = 1 5 × 1 = 5 4 Destination 10 8 10/50 × 10 = 2 8 × 2 = 16 5 Information transmission place 5 One 5/50 × 10 = 1 1 × 1 = 1 6 When to send information 10 One 10/50 × 10 = 2 1 × 2 = 2 7 Frequency of occurrence of this member 5 0 - - 8 Frequency of occurrence of other members 5 0 - - Sum 10 52
(Leakage potential indicator)

The contents of [Table 3] and [Table 4] are summarized as follows:-2nd classification item selected in S100: 2nd classification item affecting the confidentiality leakage estimation for the event-1st classification item selected in S100 Number of = 8

-In S200, the number of 2nd classification items (hereinafter referred to as “use 2nd classification items”) that are not in the unspecified class = 5

-Maximum score (W _S ): The sum of the maximum ratings of all second-class items that have a non-zero rating = 10 + 10 + 10 + 10 + 10 = 50

-Establishment of specific gravity for the second category of use: Compared with other second category of use, but given the weight value considering the maximum score (W _S ) (however, the sum of the specific gravity values of all the second category of use is maximum Score)

-Specific gravity index (G _i ) = set specific gravity (W _i ) / maximum score (W _S ) × constant (C) (for example, C may be 10, etc.)

-Individual classification score for each second category of use (S _i ) = set grade (R _i ) × specific gravity index (G _i ) = [28, 5, 16, 1, 2]

-Outflow probability indicator = sum of individual classification scores (S _i ) (however, the outflow potential indicator value can be unspecified 0, or a minimum of 1 to a maximum of 100) = 28 + 5 + 16 + 1 + 2 = 52

Through the above process, it is possible to derive an indicator of the likelihood of leakage for each event performed by members of the organization. However, the second classification items used to derive the first spill probability indicator of the first event may be different from the second classification items used for the second spill probability indicator of the second event.

Thereafter, in S400, when the confidential leak probability indicator calculated in S300 deviates from the reference indicator, an event of the indicator may be selected as a candidate for audit.

In the present invention, the outflow probability indicator calculated according to S300 may be, for example, a score from a minimum of 1 to a maximum of 100. At this time, the larger the value, the higher the probability of confidential leak, which means that the corresponding organization member or event can be a more promising candidate for audit. However, this does not mean the percentage of confidential leaks that actually occurred. In other words, the value of the 100 leak probability indicator does not mean 100% confidential leak probability.

In the past, it has been very difficult to provide an index for selecting candidates for audit related to confidential leaks. However, in the case of the present invention, it is possible to select an audit target candidate that can be performed during a given audit period in consideration of the organization's ability to perform the audit. In other words, the number of members or events that can be audited among them can be selected as candidates for audit by arranging in the order of the highest possible leak indicator.

As described above, according to the present invention, by presenting and indicating the possibility of confidential leakage of an organization member or event in an IT (Information Technology) environment, it is easier to select an audit target candidate in the confidential leakage detection control task of the organization There is an advantage that makes this possible.

That is, the present invention provides a method for calculating an indicator for selecting an organization member or event that can be estimated to have a high probability of leaking confidentiality, thereby solving the difficulty of selecting candidates to be audited, so that the confidentiality leakage audit activity is actually confidential. It allows you to focus on the members or events that are most likely to leak.

In addition, the present invention applies the machine learning technique to reflect the calculated leak probability indicator and the audit results for previously conducted confidential leaks (conventional audit results), thereby establishing the criteria for the leak probability indicator for selecting candidates for audit. Through this, each classification item for calculating the confidentiality leak probability indicator can be modified to suit the corresponding organization, and has an advantage that it can be applied to better reflect the actual leakage probability.

In the detailed description of the present invention, specific embodiments have been described, but various modifications are possible without departing from the scope of the present invention. Therefore, the scope of the present invention is not limited to the described embodiments, but should be defined by the claims that will be described later and those equivalent to the claims.

100: terminal 110: input unit
120: storage unit 130: communication unit
140: display unit 150: control unit

Claims (7)

As a method of estimating a confidential leak for each member and an event, which is performed by an electronic device and through the generation of a confidential leak probability indicator for an event performed by the member and the generation of a confidential leak probability indicator for the member,
A setting step of setting weights and ratings of a plurality of first classification items for an organization member, and setting weights and ratings of a plurality of second classification items for an event;
A calculation step of calculating a confidentiality leak probability indicator for each member and event based on the weight and grade of each classified item; And
If the confidentiality leak potential indicator for the calculated organizational member deviates from the standard indicator, the corresponding organizational member is selected as the candidate for audit. Including the selection step;
The first category includes [Department], which is an item about the confidentiality of information handled by the department to which the member belongs, and [Item], which is an item about the degree of the position assigned to the member, and the tasks assigned to the member. [Work], which is an item on the confidentiality of the handling information, [Working period], which is an item against the employee's working period, [T&A status], which is an item on the time and attendance status within a certain period of time, and an item on the possibility of a member's turnover. Each of the [possible turnover],
The second classification items include [information confidentiality], which is an item on the degree of confidentiality of the target information of the event, and [information value], which is an item on the degree of monetary value or the value of the damage of the target information of the event, [Security measures], which is an item on the degree of security measures prepared for the target information of the event, [Destination for information], which is an item on the type of the target that receives the target information of the event, and the target information of the event. [Information transmission place], which is an item for the type of place, [Time when information is transmitted], which is the time for transmitting or exporting the target information of the event, and [Items for the degree to which the relevant member repeatedly generates the event] The frequency of occurrence of this member] and the items of the frequency of occurrence of events repeatedly by members other than the member, respectively.
The setting step,
With regard to the first category, [T&A Status] and [Possibility of Turnover] are set to a greater proportion than [Department], [Position], [Task], and [Working Period], but [Working Period] is set to the smallest weight. And the higher the confidentiality of the handling information of the department to which the member belongs, the higher the rank assigned to the [department], the higher the rank assigned to the member, and the higher the rating to the member The higher the confidentiality of the handling information according to the assigned task, the higher the rating for [task], the longer the employee's longevity, the lower the rating for [working period], The higher the number of late work, absenteeism, overtime or holiday work, the higher the level of attendance.
In relation to the second category, [Information value], [Security measures] and [Destination destination] are [Information confidentiality], [Information transmission location], [Information transmission time], [Occurrence frequency of this member] and [Others] The frequency of occurrence of organization members] is set to a smaller weight, but [Information Confidentiality] is set to the largest weight, and the greater the degree of confidentiality of the target information of the event, the higher the rating for [Information Confidentiality], and the target information of the event. The higher the monetary value or the value according to the damage, the higher the rating is set for [Information Value], and the greater the degree of security measures prepared for the target information of the event, the higher the rating is set for [Security Measures]. The higher the rating is set for [Information destination] as the destination for receiving the target information of the destination is higher than [Specification destination], and the place for transmitting or exporting the target information of the event is the higher rating for [Information transmission place] Set the higher the rating for [time of information transmission] as the time for sending or exporting the target information of the event is outside business hours, and the greater the frequency of occurrence of the event by the corresponding member, in [the frequency of occurrence of this member] And setting a higher rating for the other member, and setting a lower rating for the [occurrence frequency of other members] as the frequency of occurrence of events by other members is greater. delete According to claim 1,
A method characterized in that the specific gravity or the reference index of each category is set using a machine learning technique. delete delete According to claim 1,
The calculation step,
Comprising the steps of calculating an individual classification score for each classification item set by using the following [Equation 1] and [Equation 2], and deriving the confidentiality leak probability index using the sum of the individual classification points Way.
[Equation 1]

(However, i is a natural number, G _i is the i-th classification item, W _i is the specific gravity of the i-th classification item, W _S is the sum of the highest class of each classification item, and C is a constant)
[Equation 2]

(However, S _i is the individual classification score of the i-th classification item, R _i is the set grade of the i-th classification item) An electronic device that estimates a confidential leak for each member and event through the generation of a confidential leak probability indicator for an organization member and an event performed by the member,
A storage unit in which the specific gravity and rating of the plurality of first classification items are stored for the organization member, and the specific gravity and rating of the plurality of second classification items are stored for the event; And
Based on the weight and grade of each category, the confidentiality probability indicator for each member and event is calculated, and when the confidentiality probability indicator for the calculated member member deviates from the standard indicator, the member is selected as an audit candidate. Includes a control unit for controlling to select the event as a candidate to be audited when the confidentiality probability indicator for the calculated event deviates from the standard indicator,
The first category includes [Department], which is an item on the confidentiality of information handled by the department to which an organization member belongs, [Title], which is an item on the degree of the position assigned to the organization member, and the tasks assigned to the organization member. [Work], which is an item on the confidentiality of the handling information, [Working period], which is an item against the employee's working period, [T&A status], which is an item on the time and attendance status within a certain period of time, and an item on the possibility of a member's turnover. Each of the [possible turnover],
The second classification items include [information confidentiality], which is an item on the degree of confidentiality of the target information of the event, and [information value], which is an item on the degree of monetary value or the value of the damage of the target information of the event, [Security measures], which is an item on the degree of security measures prepared for the target information of the event, [Destination for information], which is an item on the type of the target that receives the target information of the event, and the target information of the event. [Information transmission place], which is an item for the type of place, [Time when information is transmitted], which is the time for transmitting or exporting the target information of the event, and [Items for the degree to which the relevant member repeatedly generates the event] The frequency of occurrence of this member] and the items of the frequency of occurrence of events repeatedly by members other than the member, respectively.
The control unit,
With regard to the first category, [T&A Status] and [Possibility of Turnover] are set to a greater proportion than [Department], [Position], [Task], and [Working Period], but [Working Period] is set to the smallest weight. And the higher the confidentiality of the handling information of the department to which the member belongs, the higher the rank assigned to the [department], the higher the rank assigned to the member, and the higher the rating to the member The higher the confidentiality of the handling information according to the assigned task, the higher the rating for [task], the longer the employee's longevity, the lower the rating for [working period], Controls to set higher grades for [T&A Status] as there are more late, absent, overtime or holiday work within
In relation to the second category, [Information value], [Security measures] and [Destination destination] are [Information confidentiality], [Information transmission location], [Information transmission time], [Occurrence frequency of this member] and [Others] The frequency of occurrence of organization members] is set to a smaller weight, but [Information Confidentiality] is set to the largest weight, and the greater the degree of confidentiality of the target information of the event, the higher the rating for [Information Confidentiality], and the target information of the event. The higher the monetary value or the value according to the damage, the higher the rating is set for [Information Value], and the greater the degree of security measures prepared for the target information of the event, the higher the rating is set for [Security Measures]. The higher the rating is set for [Information destination] as the destination for receiving the target information of the destination is higher than [Specification destination], and the place for transmitting or exporting the target information of the event is the higher rating for [Information transmission place] Set the higher the rating for [time of information transmission] as the time for sending or exporting the target information of the event is outside business hours, and the greater the frequency of occurrence of the event by the corresponding member, in [the frequency of occurrence of this member] An electronic device characterized in that a higher rating is set for the other member, and the higher the event occurrence frequency of other members, the lower the rating is set for [the occurrence frequency of other members].

Images