摘要:This research establishes a security evaluation model from the insider leakage perspective and suggests an objective evaluation measurement. Organizational security risks are fused and compounded both inside and outside the organization. Although multiple security controls are implemented to minimize an organization’s security risk, effective security control requires management to preemptively check the organization’s security level. Existing criteria for evaluating security level are limited to external security risks and have improper limit points for dealing with security risks that are fused and compounded within an organization. The focus of this study is the prevention of technical information leakage. Furthermore, we propose a method for measuring the level at which the objectivity of certain items is secured. We compiled 26 detailed evaluation items, considering the security requirements to prevent technical information leakage. We not only performed suitability, reliability, and factor analyses and statistical validation, but also established a method to measure the security level. This measurement method ensures the effectiveness and objectivity of the evaluation of security level, mitigating the risks of security incidents caused by insiders. The results serve as a reference for organizations when designing security evaluation criteria and automated tools based on our evaluation model for future research.
