Abstract

A contradiction is revealed between the rise in the number of information security incidents in companies through the fault of employees and the stable inefficiency of measures taken by employers to reduce these incidents. It is concluded that there is a lack of attention on the part of scientists to the current trends in corporate management (quality, personnel, knowledge, and risk management) that consists in more active participation of employees in managerial processes. The need for strengthening the role of the user of a corporate information system as a subject involved in managing its information security is substantiated based on the example of detecting social engineering attacks. The organizational, hardware, and software tools for engaging the user in this process are described.

中文翻译：

---

企业员工作为企业信息安全管理的主题

摘要

员工之间的过失导致公司信息安全事件数量的增加与雇主为减少此类事件而采取的措施的效率持续下降之间存在矛盾。结论是，科学家对公司管理的当前趋势（质量，人员，知识和风险管理）缺乏关注，这种趋势包括员工更积极地参与管理过程。基于检测社会工程攻击的示例，证实了需要加强企业信息系统用户作为管理其信息安全的主题的作用。描述了使用户参与此过程的组织，硬件和软件工具。