Title: Applying a New Approach to Consider the Human Factor in the Design of Information Security Systems
Authors: Ivan Gaidarski, Anastas Madzharov
Year: 2024
Volume: 55
Pages: 261-272
Keywords: information security system, human factors, vulnerability, threat, agent, insider threat
Abstract:
A primary task of information security in modern organisations is to ensure the safety of their information assets. The most effective method is to develop and implement an information security system (ISS) that is designed for a specific organisation and meets the organisation-specific requirements. Two methods for creating an ISS are considered in the article – development of a complex ISS through systems analysis and the authors’ method for the development of an organisational ISS. These methods consider different viewpoints on the system. An example is given with the Information Security Viewpoint and related concepts such as “Incident,” “Breach,” “Vulnerability,” “Threats,” “Threat Sources,” and “Threat Agent,” taking the human factor into account. As the behaviour of employees in relation to the adopted information security policy cannot be predicted, it is necessary to foresee some measures in the process of designing the system.