Analysis of actual IT security incident in an organization by using IT security implementation model

A game-theory-based model of IT-security implementation in an organization was developed. The model consists of two players: an IT-security promotion section and an employee. The model is applied to an actual IT-security incident, the effect of the values of the model parameters on promotion of security implementation is analyzed, and what changes to the parameters are effective are determined. The results showed that this model has the potential for practical use.