A methodology for development for distributed computer network (DCN) information security system (IS) for an informatization object (OBI) was proposed. It was proposed to use mathematical modeling at the first stage of the methodology. In particular, a mathematical model was presented based on the use of the apparatus of probability theory to calculate the vulnerability coefficient. This coefficient allows one to assess the level of information security of the OBI network. Criteria for assessing the acceptable and critical level of risks for information security were proposed as well. At the second stage of the methodology development of the IS DCN system, methods of simulation and virtualization of the components of the IS DCN were used. In the course of experimental studies, a model of a protected DCN has been built. In the experimental model, network devices and DCN IS components were emulated on virtual machines (VMs). The DCN resources were reproduced using the Proxmox VE virtualization system. IPS Suricata was deployed on RCS hosts running PVE. Splunk was used as SIEM. It has been shown that the proposed methodology for the formation of the IS system for DCN and the model of the vulnerability coefficient makes it possible to obtain a quantitative assessment of the levels of vulnerability of DCN OBI.

An information security audit method (ISA) for a distributed computer network (DCN) of an informatization object (OBI) has been developed. Proposed method is based on the ISA procedures automation by using Bayesian networks (BN) and artificial neural networks (ANN) to assess the risks. It was shown that such a combination of BN and ANN makes it possible to quickly determine the actual risks for OBI information security (IS). At the same time, data from sensors of various hardware and software information security means (ISM) in the OBI DCS segments are used as the initial information. It was shown that the automation of ISA procedures based on the use of BN and ANN allows the DCN IS administrator to respond dynamically to threats in a real time manner, to promptly select effective countermeasures to protect the DCS.

Additions were proposed to the method of organizing the information security (IS) event management process of companies. Unlike existing solutions, the algorithm of the "Event handling" subprocess was detailed. This detailing is a complex, which includes the IS event processing substage. In addition, the proposed detailing of the "Event Handling" subprocess allows for covering the entire life cycle of an IS event. The performed research allows in practice to fill in potential gaps in information when creating a company's ISMS. An additional advantage of the proposed solution is the possibility of using this sub-process as an independent one. The proposed approach makes it possible to simplify the procedure for managing the information security of a company as a whole, as well as potentially reduce the costs of its construction for small companies and enterprises. Also, this subprocess can be considered as an independent information security management process, for example, for a company's CIS. The proposed solutions and additions, in contrast to similar studies, are characterized by invariance with respect to the methods of implementing the company's IS infrastructure solutions, and in particular its CIS. This ultimately allows, without changing the methodological tools, to scale this approach and adapt it to the ISMS of various companies.

A hardware-software system has been implemented to monitor the environmental state (EnvState) at the site of railway (RY) accidents and disasters. The proposed hardware-software system consists of several main components. The first software component, based on the queueing theory (QT), simulates the workload of emergency response units at the RY accident site. It also interacts with a central data processing server and information collection devices. A transmitter for these devices was built on the ATmega328 microcontroller. The hardware part of the environmental monitoring system at the RY accident site is also based on the ATmega328 microcontroller. In the hardwaresoftware system for monitoring the EnvState at the RY accident site, the data processing server receives information via the MQTT protocol from all devices about the state of each sensor and the device's location at the RY accident or disaster site, accompanied by EnvState contamination. All data is periodically recorded in a database on the server in the appropriate format with timestamps. The obtained information can then be used by specialists from the emergency response headquarters.

A methodology is proposed for modifying computer ontologies (CO) for electronic courses (EC) in the field of information and communication technologies (ICT) for universities, schools, extracurricular institutions, as well as for the professional retraining of specialists. The methodology includes the modification of CO by representing the formal ontograph of CO in the form of a graph and using techniques for working with the graph to find optimal paths on the graph using applied software (SW). A genetic algorithm (GA) is involved in the search for the optimal CO. This will lead to the division of the ontograph into branches and the ability to calculate the best trajectory in a certain sense through the EC educational material, taking into account the syllabus. An example is considered for the ICT course syllabus in terms of a specific topic covering the design and use of databases. It is concluded that for the full implementation of this methodology, a tool is needed that automates this procedure for developing EC and/or electronic textbooks. An algorithm and a prototype of software tools are also proposed, integrating machine methods of working with CO and graphs.

The potential breach of access to confidential content hosted in a university's Private Academic Cloud (PAC) underscores the need for developing new protection methods. This paper introduces a Threat Analyzer Software (TAS) and a predictive algorithm rooted in both an operational model and discrete threat recognition procedures (DTRPs). These tools aid in identifying the functional layers that attackers could exploit to embed malware in guest operating systems (OS) and the PAC hypervisor. The solutions proposed herein play a crucial role in ensuring countermeasures against malware introduction into the PAC. Various hypervisor components are viewed as potential threat sources to the PAC's information security (IS). Such threats may manifest through the distribution of malware or the initiation of processes that compromise the PAC's security. The demonstrated counter-threat method, which is founded on the operational model and discrete threat recognition procedures, facilitates the use of mechanisms within the HIPV to quickly identify cyber attacks on the PAC, especially those employing "rootkit" technologies. This prompt identification empowers defenders to take swift and appropriate actions to safeguard the PAC.

The analysis of digital footprints (DF) related to the cybersecurity (cyber risk) user behavior of university information and education systems (UIES) involves the study and evaluation of various aspects of activity in the systems. In particular, such analysis includes the study of typical patterns (patterns) of access to UIES, password usage, network activity, compliance with security policies, identification of anomalous behavior, and more. It is shown that user behavior in UIES is represented by sequences of actions and can be analyzed using the sequential analysis method. Such analysis will allow information security (IS) systems of UIES to efficiently process categorical data associated with sequential patterns of user actions. It is shown that analyzing sequential patterns of cyberthreatening user behavior will allow UIES IS systems to identify more complex threats that may be hidden in chains of actions, not just individual events. This will allow for more effective identification of potential threats and prevention of security incidents in the UIES.

It has been demonstrated that technologies and methods of intelligent data analysis (IDA) in the educational domain, particularly based on the analysis of digital traces (DT) of students, offer substantial opportunities for analyzing student activities. Notably, the DT of students are generated both during remote learning sessions and during blended learning modes. By applying IDA methods to DT, one can obtain information that is beneficial for both the educator in a specific discipline and for the educational institution's management. Such information might pertain to various aspects of the functioning of the digital educational environment (DEE) of the institution, such as: the student's learning style; individual preferences; the amount of time dedicated to a specific task, among others. An algorithm has been proposed for constructing a process model in the DEE based on log analysis within the DEE. This algorithm facilitates the description of a specific process in the DEE as a hierarchy of foundational process elements. Additionally, a model based on cluster analysis methods has been proposed, which may prove beneficial for analyzing the registration logs of systemic processes within the university's DEE. Such an analysis can potentially aid in detecting anomalous behavior of students and other individuals within the university's DEE. The algorithms proposed in this study enable research during log file analysis aimed at identifying breaches of information security within the university's DEE.

In the article there are presented results of the study of the state of user competencies for different specialties of the university digital educational environment (UDEE) on issues related to information security (IS). The methods of cluster analysis and analysis of digital (electronic) traces (DT) of users are used. On the basis of analyzing the DTs of different groups of registered users in the UDEE, 6 types of users are identified. These types of users were a result of applying hierarchical classification and k-means method. Users were divided into appropriate clusters according to the criteria affecting IS risks. For each cluster, the UDEE IS expert can determine the probability of occurrence of high IS risk incidents and, accordingly, measures can be taken to address the causes of such incidents. The algorithms proposed in this study enable research during log file analysis aimed at identifying breaches of information security within the university's DEE.