Functional modeling of the organization’s information security culture state monitoring system development

Abstract

The mass transition to remote work, which triggered the quarantine and then military actions on the territory of Ukraine, led to
new challenges to increase the level of information protection. In addition, permanent information and cyber-attacks create a
persistent danger to physical and information systems. This, in turn, requires a clear understanding of the level of information
security of various organizations, especially for critical infrastructure. An important component of the organization's information
security is the information security culture of all participants in internal information processes. Such kind of influence is usually
called the Human Factor. The paper`s aim reveals with two goals. The first goal is the information processes functional modeling of
the information security culture level assessment automation as a part of the overall organization`s security system. The second part
consists in the information security system of project (ISSoP) maturity model development to provide the vital level of trust to
organization within project activities. The functional model of system development presents a number of separate processes: the
formation of questionnaires, data collection, and assessment of information security culture at the personal, department and
organizational levels. Defined input and output data, mechanisms, models, methods and control elements for each process. This
model can be included as a component of the system for determining the level of the common organization`s information security
system. The maturity stages of the information security culture in a project include different Info-Sec activities at various stages of its
life cycle. Such kind of activities need to be taken into account while developing organization`s information security systems.