Reduction of cybersecurity risk via evaluating users' behaviour

Antonín Korauš (), Vladimír Špitalský (), Ľubomír Török (), Jozef Balga () and Ľudmila Lipková ()
Additional contact information
Antonín Korauš: Academy of the Police Force in Bratislava, Slovakia
Vladimír Špitalský: Beset, spol. s r. o., Slovakia
Ľubomír Török: Beset, spol. s r. o., Slovakia
Jozef Balga: Academy of the Police Force in Bratislava, Slovakia
Ľudmila Lipková: Alexander Dubček University of Trenčín, Slovakia

Entrepreneurship and Sustainability Issues, 2024, vol. 11, issue 3, 387-407

Abstract: Since the 1990s, process analysis has attained a fundamental position among business management approaches. With the gradual development and expansion of digitalization in businesses that have begun to use advanced information systems, a demand also arose to survey the processes within companies, including retrospectively from the digital records of information systems. This requirement laid the foundation for the emergence of the scientific discipline known today as Process Mining. In the presented article, we introduce its basic concepts and point out the possibility of using them in the field of security analysis of the log of a general system, which creates digital records of its operation (a so-called journal or log). The result of using Process Mining methods is identifying unrecorded processes running in a system and various deviations from the expected system operation, which may signal security threats to the system itself or its operator. In the battle against hybrid threats, many resources are explicitly devoted to protecting cyberspace. The approach proposed in this article allows a system to be analysed as a whole, identifying patterns of behaviour that would not otherwise arouse suspicion in individual steps but, as a sequence of separate steps (processes), do not fall into the expected pattern of system behaviour. This can be used as a long-term sustainable concept in the fight against hybrid threats. An analysis of a system’s behavior can be built on continuous “learning” by labelling newly discovered processes as safe or unsafe, ensuring the long-term sustainability of this approach. The main advantage of the proposed analyses is that they run as an oversight of the system itself, analysing it only based on records from its event log. Therefore, no interventions are needed in the architecture and source code of the analysed system, and the analyses do not affect its operation or data.

Keywords: hybrid threats; process analysis; process mining; security; cyberspace; information systems; system behavior; cybersecurity; management (search for similar items in EconPapers)
JEL-codes: E27 F50 G32 (search for similar items in EconPapers)
Date: 2024
References: View complete reference list from CitEc
Citations:

Downloads: (external link)
https://jssidoi.org/jesi/uploads/articles/43/Korau ... _users_behaviour.pdf (application/pdf)
https://jssidoi.org/jesi/article/1185 (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:ssi:jouesi:v:11:y:2024:i:3:p:387-407

DOI: 10.9770/jesi.2024.11.3(27)

Access Statistics for this article

Entrepreneurship and Sustainability Issues is currently edited by Manuela Tvaronaviciene

More articles in Entrepreneurship and Sustainability Issues from VsI Entrepreneurship and Sustainability Center
Bibliographic data for series maintained by Manuela Tvaronaviciene ().