

Title:
A METHOD FOR AUDITING THE STATE OF KNOWLEDGE, SKILLS AND PRUDENCE AND FOR MOTIVATING EMPLOYEES
Document Type and Number:
WIPO Patent Application WO/2018/070887
Kind Code:
A1
Abstract:
A method for auditing the state of knowledge, skills and prudence of employees and motivating them under the "security awareness" programme is characterised in that algorithms are created for automatically auditing employees under the "security awareness" adaptation programme (1), where a virtual mentor (6), based on model incentive programmes of a security audit (2), creates individual incentive programmes for employees and management staff. Then the virtual mentor (6), based on the awareness building matrix (4) and the education requirements matrix (5), establishes a list including a report on attacks on the computer and makes changes in the matrix. Then the virtual mentor (6) develops a motivation development function (8) and transmits it to the employee through a notification module (7).

Inventors:
REJMAN JAKUB (PL)
Application Number:
PCT/PL2016/000118
Publication Date:
April 19, 2018
Filing Date:
October 26, 2016
Assignee:
ESECURE SP Z O O (PL)
International Classes:
G06Q10/10; G06F21/56; G06Q50/00
Foreign References:
US20140199663A1 (2014-07-17)
US8793799B2 (2014-07-29)
US20150287336A1 (2015-10-08)
US8484741B1 (2013-07-09)
Other References:
None
Attorney, Agent or Firm:
SAS, Katarzyna (PL)
Claims:

1. A method for auditing the state of knowledge, skills and prudence of employees and motivating them under the "security awareness" programme characterised in that algorithms are created for automatically auditing employees under the "security awareness" adaptation programme (1), where a virtual mentor (6) based on model incentive programmes of a security audit (2) creates individual incentive programmes for employees and management staff.

2. A method according to claim 1, characterised in that the virtual mentor (6) based on the awareness building matrix (4) and education requirements matrix (5) establishes a list including a report on attacks on the computer and makes changes in the matrix.

3. A method according to claim 1, characterised in that the virtual mentor (6) develops a motivation development function (8) and transmits through a notification module to an employee (7).

Description:
A method for auditing the state of knowledge, skills and prudence and for motivating employees

The invention relates to a method for auditing the state of knowledge, skills and prudence of employees and motivating them under the "security awareness" programme using security audit. A method is known for running social engineering tests automatically using the SAVA system, which, however, is burdened with the following difficulties: How to send phishing e-mails so as to prevent the security system of the corporate e-mail server (including anti-spam) from blocking such e-mails? How to send phishing SMS? How to build websites so that they are trustworthy (e.g. available by their DNS name and not the IP address)? Another difficulty which needs to be tackled is the evaluation of the social engineering test, i.e. a reliable determination whether the employee received a positive or negative result of the audit. Automated evaluation of the results of social engineering tests in the SAVA system at the stage of implementation of the application encounters the following difficulties: How to assess whether the tested employee entered a website? How to assess whether the tested employee opened a document? How to assess whether the tested employee shared sensitive data? Social engineering tests under the "security awareness" programme are designed to check whether the knowledge transferred to employees during training is applied by them in practice and whether the obligations of data protection are taken seriously by them. Also, the training is designed to transfer the knowledge on how to recognise social engineering attacks and develop procedures for the employees to follow in such cases. An equally important task is to make the employee understand the importance of the data in their possession. The employee security audit should be carried out using the same methods as those used by criminals, albeit maintaining ethical principles (the so-called Ethical Hacking). 
The essence of the invention consists in creating algorithms for automated auditing of employees, where a virtual mentor, based on model incentive programmes, creates individual incentive programmes for employees and management staff, and then, based on the awareness building matrix and the education requirements matrix, establishes a list including a report on attacks against the computer and makes changes in the matrix.

The security audit under the "security awareness" programme requires preparation of appropriate tools and scenarios for social engineering tests. Each person undergoing a security test will have the opportunity to check their resistance to social engineering tricks. Analysis of how the test proceeded, particularly in cases with a negative result, is the basis for drawing special attention to the specific techniques that the person fell victim to. The rules for automated generation of guidelines to motivate employees under the "security awareness" programme, based on the results of the employee audit, have been worked out so that the guidelines cover various groups of employees, i.e. all employees, managers and IT staff responsible for maintaining technical security against threats targeted at users. The SAVA e-learning platform will present simulation tasks to perform in an interactive form. This will be implemented after the employees have become familiar with the knowledge of the risks they may encounter when using IT services.

The object of the invention has been outlined as to its embodiment in the schematic drawings wherein Fig. 1 shows a flowchart of auditing employee security, Fig. 2 shows the functions of motivation development, Fig. 3 shows the functions of awareness building, Fig. 4 shows the algorithm for the security audit with the matrix.

Fig. 1 shows components of the SAVA system essential for auditing employee security and generating guidelines to motivate employees under the "security awareness" programme based on the results of the employee audit:

1- adaptation "security awareness" programme of the employee,

2- security audit module,

3- F(BS) - awareness building function,

4- S(b) - awareness building matrix,

5- K(b) - education requirements matrix,

6- Virtual Mentor,

7- employee notification module,

8- F(RM) - motivation development function

Based on the functions available and elements of the SAVA computer system, algorithms have been developed for automated employee auditing under the "security awareness" programme. The SAVA system keeps in the database data relevant for the security audit module 2.

Example of a table of individual employee training programme.

Repeated training and retaken social engineering tests will be carried out in the SAVA computer system for employees who have achieved poor results in the security audit. The awareness building function F(BS) 3, based on the audit, modifies the education requirements matrix 5 accordingly and thereby orders repeated training in the "security awareness" issue to which the negatively completed security audit of the employee related.

"Virtual Mentor" 6 for employees who have received a negative result of the retaken security audit sends notifications 7 to their superiors with the recommendation to motivate employees to change inappropriate behaviour. In the event of a positive result, it adjusts the education requirements matrix 5 accordingly.

Automated generation of guidelines to motivate employees under the "security awareness" programme (in relation to employee auditing) is based on methods developed for the interaction of the "Virtual Mentor" module 6 with the superiors of the employees to provide guidelines to motivate employees. Fig. 1 shows elements of the SAVA system essential for generating guidelines to motivate employees under the "security awareness" programme based on the results of the employee audit, e.g.: F BS - awareness building function 3, F RM - motivation development function 8 and Employee Notification Module 7.

Interaction of the "Virtual Mentor" 6 with employees' superiors will be carried out mainly using the awareness building function F BS 3 and the motivation development function F RM 8. As regards employee auditing, the following are the situations in which the "Virtual Mentor" 6 sends notifications 7 to employees' superiors and directly to employees:

- The employee received a negative result of a retaken security audit 2 (i.e. demonstrated a negative behaviour during the security audit 2 and the retaken audit). Employee's superior should have an educational talk with the employee. Such employee behaviour threatens the security of the organisation. The "Virtual Mentor" 6 sends notifications 7 to employees' superiors.

- Employees received low scores on the E-mail Phishing and SMS Phishing mature behaviour indices. An employee's dismissive attitude toward prudent behaviour threatens the security of the organisation. The "Virtual Mentor" 6 orders the employee to retake specific training lessons and sends notifications 7 directly to employees.

The principle of creating guidelines to motivate employees in the SAVA system is shown in Fig. 2. As regards employee auditing in the SAVA system, incentive programmes will be available for employees and management staff, including the "Disciplining" programme, where the employee's superior should have an educational talk with the employee in a situation when the employee's behaviour threatens the security of the organisation (e.g. the employee received a negative result of a retaken security audit).

Motivating in the SAVA computer system is dynamic in nature, as described in Fig. 3. The "Virtual Mentor" 6 sends information to employees' superiors and directly to employees upon the occurrence of various events (e.g. poor audit results). Algorithms are included below for the motivation development function F RM 8, essential for the interaction of the "Virtual Mentor" 6 with employees' superiors in the scope of sending guidelines to motivate employees. The "Virtual Mentor" 6 sends guidelines to the employee's superior in the following situation: when employees received low scores on the E-mail Phishing and SMS Phishing mature behaviour indices. The employee's superior should have an educational talk with the employee. Such employee behaviour threatens the security of the organisation.

System of performance metrics of the "security awareness" programme essential for security audit module 2

The SAVA system will send recommendations relating to employee groups as follows: every 5 days, the "Virtual Mentor" 6, based on the "Table of individual employee auditing" (see below), will establish a list of employees of particular organisational units who, in the last 5 days, received a negative result of the retaken security audit. The "Virtual Mentor" 6 will send each superior a list of the e-mail addresses of his/her employees specified in section 1, including a recommendation to have a serious educational talk.

The "Virtual Mentor" 6 will send as guidelines information on the consequences of security breaches that may be produced due to a negative employee behaviour, i.e.: consequences for the employee, such as financial losses, identity theft, loss of confidence of the superior and colleagues, or even disciplinary proceedings as well as the consequences for the company, such as loss of funds, long-term financial losses or bankruptcy, short-term financial losses due to the disrupted availability of key IT services, penalties for breach of confidentiality agreements, legal requirements and other regulations, reduced profits due to the loss of good image, reputation and confidence of customers and partners (some customers leaving to the competition), reduced profits due to restricted business activity or reduced profits due to valuable employees leaving the company.

The SAVA system of the invention will send recommendations relating to employee groups as follows: every 20 days, the "Virtual Mentor" 6, based on the "Table of performance metrics of the 'security awareness' programme", will analyse the mature behaviour indices from the last 20 days and detect the following situations:

• "E-mail Phishing" index below 80%

• "SMS Phishing" index below 80%

Upon detection in section 1 of low values of the mature behaviour indices, the "Virtual Mentor" 6 will send warnings and guidelines to employees regarding changing their behaviour as regards security. Additionally, from collective reports, employees' superiors should find out who was guilty of security negligence and have educational talks with them. This is mandatory if employees receive a negative result of the retaken security audit (information given in the "Table of individual employee auditing").

Two indices of mature behaviour, E-mail Phishing and SMS Phishing, will be automatically calculated in their entirety using the tools of the SAVA system.

When sending guidelines to motivate employees, the "Virtual Mentor" 6 should pay attention to who will be the object of motivation. As regards IT security, usually different arguments get to management staff compared to regular company employees. The "Virtual Mentor" 6, based on model incentive programmes, will create individual incentive programmes. Below are incentive programmes for employees and management staff essential for the Security Audit Module 2.

Employees who received negative results of a security audit should be motivated to modify their behaviour and, in the long term, to consolidate proper attitudes (e.g. understanding the need to care about security). Periodically (e.g. once a month), the "Virtual Mentor" will send a request to the competent responsible person from the IT department or security department to draw up a report on the operation of the security technology of the information and communication system (including next-generation firewall, IPS, anti-virus, URL filtering, DLP) regarding attacks targeted against users.

The awareness building function F BS 3, for employees who have received a negative result of the security audit 2, will set the field "Report on attacks against the user's computer" in the "Awareness building matrix" 4 to the value 1. The SAVA system will send recommendations relating to employee groups as follows: every 5 days, the "Virtual Mentor" 6, based on the "Awareness building matrix", will establish a list of employees of particular organisational units for whom the value of the field "Report on attacks against the user's computer" is 1.

The "Virtual Mentor" 6 will send to each superior a list of e-mail addresses of his/her employees, specified in section 1, along with guidelines to provide them with recommendations on cautious behaviour when facing intensified criminal activity.
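The three "Virtual Mentor" cycles described above (the 5-day list of negative retaken audits per superior, the 20-day check of the E-mail Phishing and SMS Phishing indices against the 80% threshold, and the 5-day list drawn from the "Report on attacks against the user's computer" field of the awareness building matrix) can be sketched as one small program. The following is an added illustration and not code from the patent or from the SAVA system; the audit records, employee-to-superior mapping and the definition of an index as the percentage of tests passed in the window are all constructed assumptions, since the patent does not define the formula.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample directory: employee e-mail -> (organisational unit, superior).
EMPLOYEES = {
    "alice@example.test": ("sales", "sales-lead@example.test"),
    "bob@example.test": ("sales", "sales-lead@example.test"),
    "carol@example.test": ("it", "it-lead@example.test"),
}


@dataclass(frozen=True)
class AuditResult:
    """One social engineering test result from the security audit module (assumed shape)."""
    email: str
    day: date
    channel: str   # "email_phishing" or "sms_phishing"
    passed: bool   # True = prudent behaviour, False = negative audit result
    retaken: bool  # True if this was the repeated test after re-training


TODAY = date(2016, 10, 26)  # reference "today" for the windows (the filing date)


def days_ago(n: int) -> date:
    return TODAY - timedelta(days=n)


# Constructed sample audit history (hypothetical data).
SAMPLE_AUDITS = [
    AuditResult("alice@example.test", days_ago(1), "email_phishing", False, True),
    AuditResult("alice@example.test", days_ago(9), "email_phishing", False, False),
    AuditResult("bob@example.test", days_ago(2), "sms_phishing", True, True),
    AuditResult("bob@example.test", days_ago(12), "sms_phishing", True, False),
    AuditResult("bob@example.test", days_ago(5), "email_phishing", True, False),
    AuditResult("bob@example.test", days_ago(7), "email_phishing", True, False),
    AuditResult("bob@example.test", days_ago(10), "email_phishing", True, False),
    AuditResult("bob@example.test", days_ago(15), "email_phishing", False, False),
    AuditResult("carol@example.test", days_ago(3), "email_phishing", True, False),
    AuditResult("carol@example.test", days_ago(8), "sms_phishing", True, False),
    AuditResult("carol@example.test", days_ago(18), "sms_phishing", True, False),
    AuditResult("carol@example.test", days_ago(25), "email_phishing", True, False),  # outside 20-day window
]


def negative_retakes(audits, today=TODAY, window_days=5):
    """5-day cycle: employees with a negative result of a retaken audit, grouped by superior."""
    since = today - timedelta(days=window_days)
    by_superior = defaultdict(set)
    for a in audits:
        if a.retaken and not a.passed and since <= a.day <= today:
            by_superior[EMPLOYEES[a.email][1]].add(a.email)
    return {s: sorted(e) for s, e in by_superior.items()}


def mature_behaviour_indices(audits, today=TODAY, window_days=20):
    """20-day cycle: per (employee, channel) index = percentage of tests passed in the window (assumed formula)."""
    since = today - timedelta(days=window_days)
    counts = defaultdict(lambda: [0, 0])  # (email, channel) -> [passed, total]
    for a in audits:
        if since <= a.day <= today:
            counts[(a.email, a.channel)][1] += 1
            if a.passed:
                counts[(a.email, a.channel)][0] += 1
    return {key: 100.0 * passed / total for key, (passed, total) in counts.items()}


def low_index_warnings(audits, today=TODAY, threshold=80.0):
    """Employees (and channel) whose index fell below the 80% threshold; these get a direct warning."""
    indices = mature_behaviour_indices(audits, today)
    return sorted((email, ch, idx) for (email, ch), idx in indices.items() if idx < threshold)


def awareness_building_matrix(audits):
    """S(b): the 'report on attacks' field is set to 1 for every employee with a negative audit result."""
    matrix = {email: {"report_on_attacks": 0} for email in EMPLOYEES}
    for a in audits:
        if not a.passed:
            matrix[a.email]["report_on_attacks"] = 1
    return matrix


def attack_report_recipients(matrix):
    """5-day cycle: per superior, the employees whose matrix field is 1 (they receive the attack report guidelines)."""
    by_superior = defaultdict(list)
    for email, row in matrix.items():
        if row["report_on_attacks"] == 1:
            by_superior[EMPLOYEES[email][1]].append(email)
    return {s: sorted(e) for s, e in by_superior.items()}


if __name__ == "__main__":
    print("educational talks:", negative_retakes(SAMPLE_AUDITS))
    print("index warnings:", low_index_warnings(SAMPLE_AUDITS))
    print("attack reports:", attack_report_recipients(awareness_building_matrix(SAMPLE_AUDITS)))
```

With the constructed data, Alice's negative retaken test lands on her superior's educational-talk list, Alice (0%) and Bob (75% on e-mail phishing) fall below the 80% threshold and are warned directly, and only Alice and Bob, who have at least one negative result, get the attack-report flag in the matrix; Carol's older test is ignored by the 20-day window, which is the edge the windowed cycles must get right.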

The algorithm for the function F BS 3 in the scope of transfer of reports on attacks against users' computers