Method of Assessing the Influence of Personnel Competence on Institutional Information Security Ihor Pilkevycha, Oleg Boychenkoa, Nadiia Lobanchykovab, Tetiana Vakaliukb, and Serhiy Semerikovc,d,e a Korolov Zhytomyr Military Institute, 22, Prospect Myru, Zhytomyr, 10004, Ukraine b Zhytomyr Polytechnic State University, Chudnivska str., 103, Zhytomyr, 10005, Ukraine c Kryvyi Rih State Pedagogical University, 54 Gagarin av., Kryvyi Rih, 50086, Ukraine d Kryvyi Rih National University, Vitalii Matusevych str., 27, Kryvyi Rih, 50027, Ukraine e Institute of Information Technologies and Learning Tools of the NAES of Ukraine, M. Berlynskoho str., 9, Kyiv, 04060, Ukraine Abstract Modern types of internal threats and methods of counteracting these threats are analyzed. It is established that increasing the competence of the staff of the institution through training (education) is the most effective method of counteracting internal threats to information. A method for assessing the influence of personnel competence on institutional information security is proposed. This method takes into account violator models and information threat models that are designed for a specific institution. The method proposes to assess the competence of the staff of the institution by three components: the level of knowledge, skills, and character traits (personal qualities). It is proposed to assess the level of knowledge based on the results of test tasks of different levels of complexity. Not only the number of correct answers is taken into account, but also the complexity of test tasks. It is proposed to assess the assessment of the level of skills as the ratio of the number of correctly performed practical tasks to the total number of practical tasks. It is assumed that the number of practical tasks, their complexity is determined for each institution by the direction of activity. It is proposed to use a list of character traits for each position to assess the character traits (personal qualities) that a person must have to effectively perform the tasks assigned to him. This list should be developed in each institution. It is proposed to establish a quantitative assessment of the state of information security, defining it as restoring the amount of probability of occurrence of a threat from the relevant employee to the product of the general threat and employees of the institution. An experiment was conducted, the results of which form a particular institution show different values of the level of information security of the institution for different values of the competence of the staff of the institution. It is shown that with the increase of the level of competence of the staff of the institution the state of information security in the institution increases. Keywords 1 Assessment of the level of knowledge, competence, information threats, a model of the internal violator, model threats. 1. Introduction The development of information technology provides society with a great variety of electronic services. However, at the same time, there are threats to confidentiality, integrity, and availability of IntelITSIS’2021: 2nd International Workshop on Intelligent Information Technologies and Systems of Information Security, March 24–26, 2021, Khmelnytskyi, Ukraine EMAIL: igor.pilkevich@meta.ua (I. Pilkevych); bos_2006@ukr.net (O. Boychenko); lobanchikovanadia@gmail.com (N. Lobanchykova); tetianavakaliuk@gmail.com (T. Vakaliuk); semerikov@gmail.com (S. Semerikov) ORCID: 0000-0001-5064-3272 (I. Pilkevych); 0000-0003-3048-4184 (O. Boychenko); 0000-0003-4010-0308 (N. Lobanchykova): 0000- 0001-6825-4697 (T. Vakaliuk); 0000-0003-0789-0272 (S. Semerikov) © 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (CEUR-WS.org) information. Therefore, in recent years, more attention has been paid to the protection of information in institutions (enterprises): measures are organized and carried out to prevent the loss, modification, unauthorized access (acquaintance), leakage, recovery of damaged or lost information. Information security services are also being set up to ensure constant monitoring of the technical condition and software of the information security system, information security, and actions of the institution's personnel who are users of the institution's information and telecommunication system (ITS). Modern information security systems can effectively counter threats from the outside through the use of antivirus, firewalls, and other specialized software (SS). However, the disadvantage of such an SS is the lack of effective solutions to counter internal threats. To protect against internal threats, a separate SS is used, the effective use of which requires the staff of the Information Security Service (ISS) to have the appropriate knowledge and skills to operate this type of software. The results of the analysis of internal threats for 2019, presented in the annual report of Cybersecurity Insiders and Gurucul [1], show that the number of insider attacks in 12 months increased by 68% and only 48% of surveyed institutions are confident in protecting their information from internal threats. The same report states that to counter internal threats, 49% of institutions have chosen the tactics of training (education) of ITS users of the institution and the person. Therefore, this study is aimed at solving the scientific and practical problem of assessing the impact of staff competence on the state of information security of the institution. 2. Related works The human factor in ensuring the information security of institutions (enterprises) is often ignored. Thus, the report [2] provides an analysis of information security (IS) risks that arise due to irresponsibility and low competence of the staff of the institution (enterprise). The author emphasizes the relevance of the culture of information security, which consists of the observance of the rules of "digital hygiene" by the staff of the institution. In the article [3], the authors investigated cyber hygiene and its role in information security. They found that those individuals with good cyber hygiene follow best practices for security and protect their personal information. The authors in the scientific work [4] emphasized the need to consider the level of professional training of employees responsible for IS, as a separate factor influencing the state of IS institution. It was also suggested to improve the selection of employees at the hiring stage and to take appropriate measures to improve their professional level (competence) to prevent or minimize unintentional mistakes. In the report [5] the author provides a list of methods for detecting insider attacks. The results of the analysis of these methods allow us to conclude that to successfully counter insider attacks, ISS staff must have a high level of professional training and constantly improve it through training in thematic courses and training on IS. In [6], the authors examined the threat management programs used by firms that provide financial services. These programs began to take into account threats from trusted employees, contractors, and business partners. One such program is the Guide to Insider Threats [7]. This threat management program provides a tool for assessing the trust of employees and the organization of information security in the enterprise. Several approaches are used to counter insider attacks. The authors [8] suggest using models that are using linguistic analysis to determine an employee's risk level of computer-mediated communication, particularly emails. In [9], the authors suggest using advanced deep learning techniques, which provide a new paradigm to learn end-to-end models from complex data. Another area of countering insider is information security management. According to research [10], the authors found that numerous activities of management, particularly development and execution of information security policy, awareness, compliance training, development of effective enterprise information architecture, IT infrastructure management, business, and IT alignment, and human resources management, had a significant impact on the quality of management of information security. Institutional IS depends on the competence of the institution's staff. In the article [11] the authors proposed Competency Model and Instrument for Competency Measurement. The report [12] presents the views of the international community on the prospects for the development of education for cybersecurity professionals. The authors propose to consider the discipline of cybersecurity as multidisciplinary and provide ways to improve the training of cybersecurity professionals. A modern view on the construction of a model of competence of a specialist in the field of information technology is given in [13]. The authors propose to use the following components of the competency model: personal characteristics, the ability of a person to perform certain functions, a set of types of behavior, and social roles. The authors in the article [14] introduce the concept of mathematical competence of future IS specialists. Mathematical competence is the acquisition of mathematical knowledge and its implementation in the form of professionally significant skills and abilities. The competence approach with the separation of general and special competencies is considered in scientific research [15-18]. These studies propose two approaches to describe competencies: generalization - providing a list of competencies with comments on each component; structural and functional - a description of the stages, functions of activities with access to the generalization of information. In [19-20] techniques concerning cyberattacks detection presented for information security assessment are presented. Thus, a large number of scientific papers are devoted to the study of competencies, but the issue of the impact of staff competence on the information security of the institution (organization) is not sufficiently studied. The purpose of the article is to develop a method for assessing the impact of staff competence on the information security of the institution using a structural and functional approach to the description of staff competencies. 3. Method of assessing the influence of personnel competence on institutional information security Competence in this scientific and practical research should be understood as a set of knowledge and skills, as well as personality traits, the use of which allows the individual to solve a specific problem. Assessment of the level of knowledge is based on the methods and techniques of modern Item Response Theory, which provides tools for determining the level of knowledge tested by the results of test tasks, which are evaluated by some continuous value that takes values from [0… 1]. The relationship between the level of knowledge and the performance of test tasks is determined by some nonlinear dependence [21 - 24]. It is the assessment of the level of knowledge is a quantitative indicator of the totality of knowledge and skills of the individual. In our opinion, (we think that), the competence of the individual functionally depends on the knowledge, skills, and personality traits. If we introduce the coefficients of the importance of knowledge, skills, and personality traits, the competence of the individual will be as follows: Comp = α1Sca + α 2 Sk + α 3Ch (1) where Sca – assessment of the level of knowledge; Sk – skills assessment; Ch – assessment of character traits (personal qualities); α1 , α 2 , α 3 – coefficients of the importance of assessment of knowledge, skills, and character traits. In this case, the condition must be met: α1 + α 2 + α 3 =1. Assessment of the level of knowledge is obtained by testing. To assess the level of knowledge tested by the results of test tasks, a mathematical model was used, which defines the following steps: 1. Calculation of the complexity of the test (complexity of the test). The complexity of the test is characterized by the number of tasks of different levels of complexity and determines the maximum score that can be obtained by the test subject, provided all the correct answers to the test tasks: m (2) ∑ n ⋅ tc i i Ct = i =1 , m where m – the number of levels of difficulty of tasks; ni – number of tasks i -th level of complexity; i = 1...m ; tci – task complexity, which is calculated by expression: m +1− i (3) tci = . m 2. Calculation of the quality of the answer. The quality of the answer is a continuous random variable distributed on the interval [0… 1], which characterizes the completeness of the correct answer: k −i (4) qai = , k −1 where k – the number of options for answers to the test task; i = 1...k . 3. Calculation of the probability of the correct answer. The probability of the correct answer depends on m – the number of levels of complexity of the tasks, it is determined by this ratio: i (5) pcai = m where m – the number of levels of complexity of the tasks; i = 1...m . 4. Calculation of the answer level. The level of the answer Al is a continuous random variable distributed on the interval [0… 1], which characterizes the completeness of the correct answer obtained for the problem with the corresponding level of complexity. The level of response does not take into account the probability of the correct answer to the task and the complexity of the task. Then the level of the answer Al is calculated by the following expression: = Ali qai ,l ⋅ tci , j , (6) where i = 1...n ; l = 1...k ; j = 1...m ; n – number of test tasks. 5. Calculation of the share of correct answers. The share of correct answers Sca is a continuous random variable distributed on the interval [0… 1], which characterizes the level of knowledge based on the quality of answers obtained to tasks of different levels of complexity: n (7) ∑ Al i Sca = i =1 . n Assessment of the level of skills is based on the results of a specially developed set of practical tasks. Assessment of the level of skills is calculated as the number of correctly performed practical tasks to the total number of practical tasks. Assessment of character traits (personal qualities) is based on the results of special psychological tests. The list of character traits that a person must have to effectively perform the tasks assigned to him, is developed separately for each position. For each position in the institution, the required list of character traits Fch consist x s of elements. The importance of each character trait is determined by x the weighting factor β i . With ∑ β = 1. Then the following ratio should be used to calculate the i =1 i assessment of personality traits: x (8) Сh = ∑ Fch ⋅ β . i =1 i i Under the IS of the institution in this study, we will understand the state of protection of information of the institution from many threats of information, which is determined by the model of threats to information of the institution. Dependence of IS on information threats is presented as an expression: b c (9) ∑∑ z =i 1 =j 1 i, j IS = , b⋅c where zi , j – the probability of occurrence of the i -th threat of information from the set of threats of information Z from the j -th employee of the institution; b – the number of information threats Z , which is determined by the model of information threats of the institution; c – number of employees of the institution. The probability of occurrence of the i -th threat of information from the set of threats of information from the j -th employee of the institution is influenced by his competence. To find the quantitative value zi , j , the method of calculating the probability of realization of information threats from an internal violator was used [25]. This method takes into account the motive of illegal actions by the internal violator and the assessment of his knowledge about the possibility of realizing the threats of information of the institution. When using the method of calculating the probability of realization of information threats from an internal violator in this study, the competence of the internal violator was used instead of assessing his knowledge. According to the method [25] and taking into account the above, the expression for calculating the probability of occurrence of the i -th threat of information from the set of threats to information Z from the j -th employee of the institution: zi , j = M j + Ri , j + Comp j − M j ⋅ Ri , j − M j ⋅ Comp j − Ri , j ⋅ Comp j + M j ⋅ Ri , j ⋅ Comp j , (10) where M j – the probability of the motive of illegal behavior of the employee of the institution; Ri , j – the probability of realization of threats by an employee of the institution on the grounds given in the model of the violator. 4. Experiment Examples are considered to verify the method of assessing the impact of staff competence on the IS of the institution. Example 1. The institution has a list of positions. The results of the assessment of the level of competence of the staff following the list of positions are shown in table 1. Table 1 The results of the assessment of the level of competence of the staff of the institution Employee positions Knowledge Skill Traits Competence Security Administrator 0,99 0,99 0,95 0,98 Computer network administrator 0,99 0,99 0,98 0,99 System administrator 0,99 0,99 0,92 0,97 Database administrators 0,75 0,79 0,95 0,83 Head of 1 department 0,4 0,25 0,95 0,53 Workstation operator 1 department 0,5 0,3 0,95 0,58 Head of 2 department 0,4 0,25 0,95 0,53 Workstation operator 2 department 0,5 0,25 0,45 0,40 Electrician 0,1 0,1 0,95 0,38 Communication engineer 0,2 0,2 0,95 0,45 Guardian 0,1 0,1 0,94 0,38 Technician 0,1 0,1 0,5 0,23 Cleaner 0,01 0,01 0,95 0,32 Competence was calculated with the following coefficients of importance: • knowledge assessment – 0,5; • skills assessment – 0,4; • assessment of character traits – 0,1. The internal intruder model is shown in Table 2. The following notation is introduced for this model: • r1 – the launch of a fixed set of tasks (programs) that implement pre-provided information processing functions - reading (viewing); • r2 – creation, and launch of own programs with new functions of information processing (draft documents) - modification, deletion, and copying; • r3 – creation, and launch of own programs with new functions of information processing (valid documents) - modification, deletion, and copying; • a1 – place of action of employees of the institution within the controlled area; • a2 – a place of action of employees of the institution within the regime premises without access to ITS hardware and software; • a3 – the place of action of the employees of the institution within the regime premises with access to ITS hardware and software; • s1 – the employee has access to the settings of the data transmission channels; • s2 – the employee uses standard ITS hardware or software; • s3 – the employee uses additional ITS hardware or software; • s4 – the employee uses disguise as a registered ITS user. Table 2 Model of the internal violator Employee Level of Methods and ways of Probability Place of action positions opportunities action Ʃ of threats r1 r2 r3 a1 a2 a3 s1 s2 s3 s4 Security 1 1 1 1 1 1 1 1 1 0 9 0,9 Administrator Computer network 1 1 1 1 1 1 1 1 1 0 9 0,9 administrator System 1 1 1 1 0 1 0 1 1 0 7 0,7 administrator Database 1 1 1 1 0 1 0 1 1 0 7 0,7 administrators Head of 1 1 1 1 1 0 1 0 1 0 0 6 0,6 department Workstation operator 1 1 1 0 1 0 1 0 1 0 0 5 0,5 department Head of 2 1 1 1 1 0 1 0 1 0 0 6 0,6 department Workstation operator 2 1 1 0 1 0 1 0 1 0 0 5 0,5 department Electrician 0 0 0 1 1 0 0 0 0 0 2 0,2 Communication 1 0 0 1 1 1 1 0 1 0 6 0,6 engineer Guardian 0 0 0 1 0 0 0 0 0 0 1 0,1 Technician 0 0 0 1 1 0 1 0 0 0 3 0,3 Cleaner 0 0 0 1 0 0 0 0 0 0 1 0,1 Model threats to the information of the institution are shown in Table 3. Table 3 Model threats to the information of the institution Type of information threat Level of Place of Methods and Ʃ Probability opportunities action ways of action of threats r1 r2 r3 a1 a2 a3 s1 s2 s3 s4 Unauthorized access (z1) 1 1 1 1 1 1 0 1 1 1 9 0,9 Uncontrolled acquaintance 1 1 1 1 1 1 0 1 0 1 8 0,8 (z2) Random modification (z3) 0 1 1 1 0 1 0 1 0 0 5 0,5 Deliberate modification (z4) 0 1 1 1 0 1 1 1 1 1 8 0,8 Accidental destruction (z5) 0 1 1 1 0 1 0 1 0 0 5 0,5 Deliberate destruction (z6) 0 1 1 1 0 1 1 1 1 1 8 0,8 Unauthorized copying (z7) 0 1 1 1 0 1 1 1 1 1 8 0,8 Random distribution (z8) 0 0 1 1 0 1 1 1 0 0 5 0,5 Deliberate distribution (z9) 0 1 1 1 0 1 1 1 1 1 8 0,8 The probabilities of information threats from the staff of the institution are shown in Table 4. Table 4 Probabilities of information threats from the staff of the institution Employee z1 z2 z3 z4 z5 z6 z7 z8 z9 positions Security 0,81 0,72 0,45 0,72 0,45 0,72 0,72 0,45 0,72 Administrator Computer 0,81 0,72 0,45 0,72 0,45 0,72 0,72 0,45 0,72 network administrator System 0,63 0,56 0,35 0,56 0,35 0,56 0,56 0,35 0,56 administrator Database 0,63 0,56 0,35 0,56 0,35 0,56 0,56 0,35 0,56 administrators Head of 1 0,54 0,48 0,3 0,48 0,3 0,48 0,48 0,3 0,48 department Workstation 0,45 0,4 0,25 0,4 0,25 0,4 0,4 0,25 0,4 operator 1 department Head of 2 0,54 0,48 0,3 0,48 0,3 0,48 0,48 0,3 0,48 department Workstation 0,45 0,4 0,25 0,4 0,25 0,4 0,4 0,25 0,4 operator 2 department Electrician 0,18 0,16 0,1 0,16 0,1 0,16 0,16 0,1 0,16 Communication 0,54 0,48 0,3 0,48 0,3 0,48 0,48 0,3 0,48 engineer Guardian 0,09 0,08 0,05 0,08 0,05 0,08 0,08 0,05 0,08 Technician 0,27 0,24 0,15 0,24 0,15 0,24 0,24 0,15 0,24 Cleaner 0,09 0,08 0,05 0,08 0,05 0,08 0,08 0,05 0,08 The probability of occurrence of a motive for the illegal behavior of an employee of the institution for all staff of the institution is equal to 0.25. Substituting the data from tables 1-4 to expression (9) we obtain a quantitative value of information security, which is equal to 0.658. Example 2. The institution has a list of positions. The results of the assessment of the level of competence of the staff by the list of positions are shown in table 5. Table 5 The results of the assessment of the level of competence of the staff of the institution Employee positions Knowledge Skill Traits Competence Security Administrator 0,25 0,25 0,95 0,32 Computer network administrator 0,25 0,25 0,98 0,32 System administrator 0,25 0,25 0,92 0,32 Database administrators 0,2 0,2 0,95 0,28 Head of 1 department 0,15 0,15 0,95 0,23 Workstation operator 1 department 0,1 0,1 0,95 0,19 Head of 2 department 0,1 0,1 0,95 0,19 Workstation operator 2 department 0,1 0,1 0,45 0,14 Electrician 0,1 0,1 0,95 0,19 Communication engineer 0,2 0,2 0,95 0,28 Guardian 0,1 0,1 0,94 0,18 Technician 0,1 0,1 0,5 0,14 Cleaner 0,01 0,01 0,95 0,10 The model of the internal violator, the model of information threats, the probability of information threats from the staff of the institution, and the probability of the motive of misconduct of the employee of the institution used from example 1. Then obtained a quantitative value of information security, equal to 0.545. Example 3. The institution has a list of positions. The results of the assessment of the level of competence of the staff by the list of positions are shown in table 6. Table 6 The results of the assessment of the level of competence of the staff of the institution Employee positions Knowledge Skill Traits Competence Security Administrator 0,9 0,9 0,95 0,91 Computer network administrator 0,9 0,9 0,98 0,91 System administrator 0,9 0,9 0,92 0,90 Database administrators 0,9 0,9 0,95 0,91 Head of 1 department 0,5 0,5 0,95 0,55 Workstation operator 1 department 0,4 0,4 0,95 0,46 Head of 2 department 0,5 0,8 0,95 0,67 Workstation operator 2 department 0,8 0,5 0,45 0,65 Electrician 0,5 0,4 0,95 0,51 Communication engineer 0,6 0,8 0,95 0,72 Guardian 0,1 0,1 0,94 0,18 Technician 0,3 0,5 0,5 0,40 Cleaner 0,01 0,01 0,95 0,10 The model of the internal violator, the model of information threats, the probability of information threats from the staff of the institution, and the probability of the motive of misconduct of the employee of the institution were used from example 1. Then obtained a quantitative value of information security, equal to 0.734. 5. Discussions The study yielded the following results: 1. Assessment of the level of knowledge of employees of the institution is carried out by testing them. The mathematical model, which is used to calculate the level of knowledge of employees of the institution, takes into account the complexity of test tasks. This model provides an expression for calculating the complexity of the test in general. The complexity of the test has a direct functional dependence on the sum of the product of the complexity of the tasks and their number. It is also proposed to use a mathematical dependence to assess the quality of the answer, which characterizes the completeness of the answer. The use of a mathematical model for assessing the level of knowledge of employees allows the developer of test tasks to obtain tests of different levels of complexity for different positions of the institution. 2. In each institution to ensure information security, a model of threats to the information of the institution and a model of the violator (internal and external) are developed. The threat can be realized with the appropriate probability. To find the quantitative value of the possibility of realizing the threat of information, the method of calculating the probability of realizing information threats from an internal violator was used. In this study, using the method of calculating the probability of realization of information threats from an internal violator, instead of assessing the knowledge of the internal violator, the competence of employees of the institution was used. To take into account the mutual influence of the probability of occurrence of events (realization of information threat, acquisition of appropriate access rights) to calculate the probability of realization of information threat from the set of information threats from an employee, the theorem on the addition of arbitrary events was applied. 3. The results of the experiment indicate that with the increase in the level of competence of employees of the institution, the state of information security in the institution increases. In example 3, where the competence of employees of the institution is the highest, the quantitative value of information security is equal to 0.734. In example 2, where the competence of employees of the institution is the lowest, the quantitative value of information security is equal to 0.545. In example 1, where the competence of employees of the institution is average, the quantitative value of information security is equal to 0.658. In these examples, only the quantitative values of competence of employees of the institution were changed. The model of the internal violator, the model of information threats, the probability of information threats from the employees of the institution, and the probability of the motive for the illegal behavior of the employee of the institution were the same for all examples. The conducted experiments confirm that the information security of the institution has a nonlinear functional dependence on the competence of the employees of the institution. 6. Conclusions The method of assessing the influence of personnel competence on institutional information security allows obtaining a quantitative value of information security. The proposed method makes it possible to automate the process of assessing personnel competence through the use of the mathematical apparatus of modern test theory, systems analysis, and probability theory. The practical orientation of the study is to use the developed method in the information security service of the institution to assess the possibility of implementing the appropriate type of threat from the staff of the institution, taking into account the level of personnel competence. The method of assessing the influence of personnel competence on institutional information security allows assessing the information security taking into account the model of the violator, the model of information threats, which are designed for a particular institution. 7. References [1] 2020 Insider Threat Report. Cybersecurity Insiders, URL: https://www.cybersecurity- insiders.com/wp-content/uploads/2019/11/2020-Insider-Threat-Report-Gurucul.pdf [2] N. Kuharska, Informacijna bezpeka jak element korporatyvnoji struktury Aktualʹni problemy upravlinnja informacijnoju bezpekoju deržavy: zb. tez nauk. dop. nauk.-prakt. konf. (Kyjiv, 4 kvitnja 2019. Kyjiv : Nac. akad. SBU) 70–73. [3] A. A. Cain, M. E. Edwards, J. D. Still, An exploratory study of cyber hygiene behaviors and knowledge. Journal of Information Security and Applications. Vol. 42 (2018) 36-45. [4] S.Honchar, H. Leonenko, Analysis of the factors influencing condition cybersecurity of information system of object of the critical infrastructure. Information Technology and Security. Vol. 4, Iss. 2 (7) (2016) 262-268. [5] S. Kovalenko. Insajderska zahroza jak odna z aktualnyx problem kiberbezpeky. Osnovni metody vyjavlennja Aktualʹni problemy kiberbezpeky : zb. tez dop. Vseukrajinsʹkoji nauk. konf. (Kyjiv, 24 žovtnja 2019 Kyjiv : DUT) 28–32. [6] J. Eggenschwiler, I. Agrafiotis, J. RC Nurse, Insider threat response and recovery strategies in financial services firms. Computer Fraud & Security. Vol. 2016, Iss. 11 (2016) 12-19. [7] W. F. Gross, Insider Threat. Computer and Information Security Handbook. (2017) 529-536. [8] Faisal Janjua, Asif Masood, Haider Abbas, Imran Rashid, Handling Insider Threat Through Supervised Machine Learning Technique. Vol. 177 (2020) 64-71. [9] Shuhan Yuan, Xintao Wu, Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities. Computers & Security (2021) 102221. [10] Z. A. Soomro, M. H. Shah, J. Ahmed, Information security management needs more holistic approach: A literature review. Vol. 36, Iss. 2 (2016) 215-225. [11] J. Funke, A. Fischer & D. V. Holt, Competencies for complexity: problem solving in the twenty-first century. In Assessment and teaching of 21st century skills, pp. 41-53. Springer, Cham (2018). [12] A. Parrish, J. Impagliazzo, R. K. Raj, H. Santos, M. R. Asghar, A. Jøsang, T. Pereira, E. Stavrou, Global perspectives on cybersecurity education for 2030: a case for a meta-discipline. In Proceedings Companion of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education (ITiCSE 2018 Companion). Association for Computing Machinery, New York, NY, USA, (2018) 36–54. doi: https://doi.org/10.1145/3293881.3295778. [13] E. Kashtanova, A. Lobacheva, S. Makushkin, T. Ridho, A Competency Model in the Field of Information Technology. In: Bogoviz A.V., Suglobov A.E., Maloletko A.N., Kaurova O.V., Lobova S.V. (eds) Frontier Information Technology and Systems Research in Cooperative Economics. Studies in Systems, Decision and Control, vol 316. Springer, Cham (2021) https://doi.org/10.1007/978-3-030-57831-2_58. [14] S. Shevchenko, Yu. Zhdanova, Mathematical competencies of future specialists information security. Suchasniy zahist informatsii. 4 (2016) 90-96. [15] O. Mandzuk, Qualification requirements to the competence of information analytics-lawyers. Scientific notes of Taurida National V. Vernadsky University. Juridical Sciences. 26(68) (2018) 64-72. [16] V.Buryachok, I.Parhomey, M.Stepanov, V.Tolubko. Problemni pytannja ta aktualʹni zavdannja pidhotovky faxivciv z kibernetyčnoji bezpeky haluzi znanʹ «Informacijni texnolohiji». Suchasniy zahist informatsii. 2(2016) 4-9. [17] M. Bohlouli, N. Mittas, G. Kakarontzas, T. Theodosiou, L. Angelis, M. Fathi, Competence assessment as an expert system for human resource management: A mathematical approach. Expert Systems with Applications, vol. 70 (2017) 83-102. [18] V. Belevitin, S. Bogatenkov, V. Rudnev, M. Khasanova, A. Tyunin, Integrated approach to modeling IC Competence in students. International Journal of Engineering & Technology, 7(4) (2018) 60-62. [19] S. Lysenko, K. Bobrovnikova & O. Savenko, A botnet detection approach based on the clonal selection algorithm. In 2018 IEEE 9th International Conference on Dependable Systems, Services and Technologies (DESSERT). IEEE (2018) 424-428. [20] S. Lysenko, K. Bobrovnikova, S. Matiukh, I. Hurman & O. Savenko, Detection of the botnets' low-rate DDoS attacks based on self-similarity. International Journal of Electrical & Computer Engineering, 2020, 10, 2088-8708. [21] D. Magis, J. R. Barrada, Computerized adaptive testing with R: Recent updates of the package catR. Journal of Statistical Software, 76(1) (2017) 1-19. [22] G. Ling, Y. Attali, B. Finn, E. A. Stone, Is a Computerized Adaptive Test More Motivating Than a Fixed-Item Test? Applied Psychological Measurement, 41(7) (2017) 495–511. [23] E. D. Heggestad, D. J. Scheaf, G. C. Banks, M. Monroe Hausfeld, S. Tonidandel, E. B. Williams, Scale Adaptation in Organizational Science Research: A Review and Best-Practice Recommendations. Journal of Management, 45(6) (2019) 2596–2627. [24] Van der Linden, W. J. (Ed.), Handbook of item response theory, three volume set. CRC Press (2018). [25] O.Boychenko, R.Ziubina. The method of calculation of probability of realization of threats of information with the limited access from an internal user violator. Information systems and technologies security. 1 (2019) 19–26.