Skip to main content

Identifying Information Security Risks in a Social Network Using Self-organising Maps

Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT,volume 557)

Abstract

Managing information security risks in an organisation is one of the most important tasks an organisation has. Unfortunately, due to the complexity of most organisational systems, identifying information security risks can be difficult. One way to identify possible risks in an organisation is to make use of Social Network Analysis (SNA). While they can be used to identify risks, the metrics calculated using SNA are often numerous and daunting to managers unfamiliar with SNA. Furthermore, as the data in this form tend to be uncomfortable to process, educating managers about risks in their organisation can be quite difficult. Also, as these metrics often require quantitative processing in order to be useful, SNA on its own is not always an attractive method to use to identify risks in an organisation. In this paper the use of self-organising maps to identify possible information security risks in an organisation is investigated. Risk data were obtained from an organisation that deals in risk management, which were used to build a social network. A number of metrics associated with risk were calculated from the network, and these metrics were used to cluster the various entities using a self-organising map. Certain entities that pose a possible information security risk were identified. The results suggest that it may be viable to use self-organising maps, in concord with SNA, to more easily identify risks in an organisation using visual methods.

Keywords

  • Self-organising maps
  • Social network analysis
  • Information security

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-23451-5_9
  • Chapter length: 13 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-23451-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   69.99
Price excludes VAT (USA)
Hardcover Book
USD   99.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.
Fig. 6.

References

  1. Wangen, G.: Information security risk assessment: a method comparison. Computer 50(4), 52–61 (2017)

    CrossRef  Google Scholar 

  2. Armstrong, H., Armstrong, C., McCulloh, I.: A course applying network analysis to organizational risk in information security, In: South African Information Security Multi-conference pp. 204–214 (2010)

    Google Scholar 

  3. Dang-Pham, D., Pittayachawan, S., Bruno, V.: Investigation into the formation of information security influence: network analysis of an emerging organisation. Comput. Secur. 70, 111–123 (2017)

    CrossRef  Google Scholar 

  4. Serfontein, R., Drevin, L., Kruger, H.: The feasibility of raising information security awareness in an academic environment using SNA. In: Drevin, L., Theocharidou, M. (eds.) WISE 2018. IAICT, vol. 531, pp. 69–80. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99734-6_6

    CrossRef  Google Scholar 

  5. Scott, J., Carrington, P.J.: The SAGE Handbook of Social Network Analysis. SAGE Publications, Thousand Oaks (2011)

    Google Scholar 

  6. Tsui, E., Liebowitz, J.: Linking social network analysis with the analytic hierarchy process for knowledge mapping in organizations. J. Knowl. Manag. 9(1), 76–86 (2005)

    CrossRef  Google Scholar 

  7. Dang-Pham, D., Pittayachawan, S., Bruno, V.: Applying network analysis to investigate interpersonal influence of information security behaviours in the workplace. Inf. Manag. 54(5), 625–637 (2017)

    CrossRef  Google Scholar 

  8. Boulet, R., Jouve, B., Rossi, F., Villa, N.: Batch kernel SOM and related Laplacian methods for social network analysis. Neurocomputing 71(7), 1257–1273 (2008)

    CrossRef  Google Scholar 

  9. Kohonen, T.: The self-organizing map. Neurocomputing 21(1–3), 1–6 (1998)

    CrossRef  Google Scholar 

  10. De la Hoz, E., De la Hoz, E., Ortiz, A., Ortega, J., Prieto, B.: PCA filtering and probabilistic SOM for network intrusion detection. Neurocomputing 164(Suppl. C), 71–81 (2015)

    CrossRef  Google Scholar 

  11. Hunt, R., Hill, S.: Using security logs to identify and manage user behaviour to enhance information security. In: 14th European Conference on Cyber Warfare and Security, p. 111. Academic Conferences Limited (2015)

    Google Scholar 

  12. López, A.U., et al.: Analysis of computer user behavior, security incidents and fraud using self-organizing maps. Comput. Secur. 83, 38–51 (2019)

    CrossRef  Google Scholar 

  13. Bäck, T., Kok, J.N., Rozenberg, G.: Handbook of Natural Computing. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-540-92910-9

    CrossRef  MATH  Google Scholar 

  14. Pal, C., Hirayama, S., Narahari, S., Jeyabharath, M., Prakash, G., Kulothungan, V.: An insight of world health organization (WHO) accident database by cluster analysis with self-organizing map (SOM). Traffic Inj. Prev. 19(sup1), S15–S20 (2018)

    CrossRef  Google Scholar 

  15. Nakayama, H., et al.: Comparative transcriptomics with self-organizing map reveals cryptic photosynthetic differences between two accessions of north american lake cress. Sci. Rep. 8(1), 3302 (2018)

    CrossRef  Google Scholar 

  16. Gu, F., Cheung, Y.-M.: Self-organizing map-based weight design for decomposition-based many-objective evolutionary algorithm. IEEE Trans. Evol. Comput. 22(2), 211–225 (2018)

    CrossRef  Google Scholar 

  17. Kuo, R.J., Rizki, M., Zulvia, F.E., Khasanah, A.U.: Integration of growing self-organizing map and bee colony optimization algorithm for part clustering. Comput. & Ind. Eng. 120, 251–265 (2018)

    CrossRef  Google Scholar 

  18. Lee, Y.: Using self-organizing map and clustering to investigate problem-solving patterns in the massive open online course: an exploratory study. J. Educ. Comput. Res. (2018). https://doi.org/10.1177/0735633117753364

    CrossRef  Google Scholar 

  19. Fausett, L.V.: Fundamentals of Neural Networks: Architectures, Algorithms, and Applications. Prentice-Hall, Englewood Cliffs (1994)

    MATH  Google Scholar 

  20. Viscovey SOMine. www.viscovery.net/somine. Accessed 10 Feb 2019

  21. Au, C.H., Fung, W.S., Tses, A.: An investigation on the relationship between control self-assessment, cloud security, and cloud-related business performance-using partial least squares, In: Industrial Engineering and Engineering Management (IEEM), pp. 1879–1883. IEEE (2016)

    Google Scholar 

  22. Armstrong, H., McCulloh, I.: Organizational risk using network analysis, In: South African Information Security Multi-conference, pp. 132–141 (2010)

    Google Scholar 

  23. Hanneman, R.A., Riddle, M.: Introduction to Social Network Methods. University of California, Oakland (2005)

    Google Scholar 

  24. ORA-Lite. www.casos.cs.cmu.edu/projects/ora. Accessed 24 Apr 2018

  25. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 2nd edn. The MIT Press, Cambridge (2001)

    MATH  Google Scholar 

  26. Borgatti, S.P.: Centrality and network flow. Soc. Netw. 27, 55–71 (2005)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Rudi Serfontein , Hennie Kruger or Lynette Drevin .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2019 IFIP International Federation for Information Processing

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Serfontein, R., Kruger, H., Drevin, L. (2019). Identifying Information Security Risks in a Social Network Using Self-organising Maps. In: Drevin, L., Theocharidou, M. (eds) Information Security Education. Education in Proactive Information Security. WISE 2019. IFIP Advances in Information and Communication Technology, vol 557. Springer, Cham. https://doi.org/10.1007/978-3-030-23451-5_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-23451-5_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-23450-8

  • Online ISBN: 978-3-030-23451-5

  • eBook Packages: Computer ScienceComputer Science (R0)