engineering, cyber gaming, education, model, the human factor

The issues of vulnerabilities in corporate systems, access to information of critical infrastructure objects are some of the central issues of information security today. According to the analytics of leading companies in the field of information security, the number of large-scale attacks at the level of organizations regardless of type (government, private companies, service providers, etc.) increases annually. The growth’s stimulant, in this case, is both the growth of the position of the number of connected equipment on the Internet and the transition of companies in the context of the digital formation of States according to some stages from an initial electronic government to an open government, further to a datacentric government with the ultimate goal of moving to the stage of "smart government". This trend will exponentially contribute to the further increase in information security risks. From these positions, the need for monitoring and comprehensive, systematic audit of the current state of resources and infrastructure of organizations is taking a serious turn [ 9 ].

According to statistics of conducted audits of information security, the central problem of the security of the organization is the problem of the influence of the human factor. Indeed, risks from

2021 Copyright for this paper by its authors. personnel represent a distinct group of information security risks of the organization with a specific set of causes and conditions for their implementation.

Today, in the framework of employment, applicants are not only required to comply with the professional model of the specialist in the context of professional skills (hard skills), but also a certain complex of psychophysiological characteristics (soft skills). Thus, the optimal combination of soft skills and hard skills presents some models of a graduate of an educational institution to the context of a continuous education model [ 7 ]. This article attempts to focus on the field of information security [ 3, 12 ]. However, it can be extended to other spectra and interdisciplinary areas of research.

The purpose of this article is to describe the technology of generating the readiness indicator of an information security specialist as an element of a trusted digital environment.

Historically, the problem of the specialist's readiness for professional activities was central in the development of national economic sectors. And if in modern reality they emphasize from the position of the conceptual apparatus «readiness», then some time ago the emphasis shifted to the concepts of «factor», «human factor».

After analyzing the conceptual apparatus, we can conclude that the correlation of the categories under consideration is more than high. Even S. A. Kuznetsov in the Great Interpretive Dictionary of the Russian language considers the factor in the form of «significant circumstance contributing to the process or phenomenon», the human factor in the form of «the role and significance of a person in public life, social processes with a person as a subject of activity», readiness as a certain inclination, and in a combination of «professional readiness» sees as a tendency related to professionalism [ 7, 8 ].

With the growth of production and the development of the national economy sectors, the increase in knowledge-intensive production, the center for the study of categories shifted and became an application of the different spheres. Thus, readiness was considered from the standpoint of a combination of factors, such as scientific knowledge, the organizational structure of the enterprise with a set of internal and external relations, moral and social qualities [ 3, 11 ]. And the complexity of these factors represented the human factor.

On the other hand, it is possible to represent that the human factor as a specific individual contribution to the formation of quality and system effectiveness issues in which it has been in operation. Thus, we can conclude a combination of the number of internal (natural) and external (social) elements. Then a comprehensive assessment of the influence of the human factor on the subject area (for example, information security) as part of the assessment of the specialist readiness indicator is possible from the position of the combination of soft skills and hard skills, which are the results of the characteristics vector:  energy, characterizing the level of physiologically functions activity and systems (circulation, respiration, etc.);  information characterizing processing of received information and making decisions based on it, i.e. reflecting cognitive processes (thinking, memory, motivation, personality structure, individuality);  effector, responsible for the implementation of the adopted decisions (quantitative and qualitative indicators of professional activity and physiological parameters);  activation, which determines the orientation and degree of tension of professional activity: level of attention, stress resistance, peculiarities of the motivational sphere [ 7 ].

The modern concept of the human factor is not limited to the analysis of knowledge embodied in the person and contributing to creative work, demonstrating a broader approach, considering as human potential not only knowledge embodied in a person but also accumulated scientific knowledge objectified in new databases, etc., as well as relations with other economic entities.

The human factor can be defined as a specific human contribution to the quality and effectiveness of the various systems of which it is an element [ 11 ] (Table 1).

Thus, the human factor, on the one hand, is a component of the system, on the other hand, is itself a system category, forming a plurality of system constructions in which it acts as a subsystem or element thereof.

Implementation in the human factor.

A human factor is a complex event.

A human factor is developing on the interaction of environment (economics, politics, physics, etc.).

A human factor is a local element in the common set.

A human factor is a multidimensional concept consisting of a large number of structural invariants reflecting different sides and properties of the human factor as a system.

Infeasibility of human factor’s properties to the total of its constituent components, if the system has integrative qualities.

The human factor includes both natural and social elements, many of which can be developed and improved through physical and psychological actions, education. Forming and accumulating during the life of an individual, the human factor as the production develops loses the signs of a natural resource, acquiring the features of the formed and reproduced. The main element here is continuing education, which contributes to the formation of the social component of the human factor.

Note that the list of the composite human factor is not exhaustive, since it can be supplemented or modified. For example, it is permissible to split the social potential of the human factor into information security.

According to statistics of conducted information security audits, the central problem of security in different organizations is the influence of the human factor [ 1 ]. Indeed, risks from personnel constitute the separate group of information security risks of the organization with the specific sets of causes and conditions for their implementation. Therefore, the issue of quality training according to the current requirements and demands of the modern labor market is more than a priority in the context of a trusted digital environment at the open state stage of the country.

Today, in the framework of employment, applicants are required not only to comply with the competent model of a specialist in the context of professional skills (hard skills), but also a certain complex of psychophysiological characteristics (soft skills). Thus, the optimal combination of soft skills and hard skills represents some model of an abstract graduating student of an educational institution to the context of a continuous education model [ 7 ]. This article attempts to focus on the field of information security as the author's immediate subject area [ 3, 11 ]. However, it can be extended to other spectrum and interdisciplinary areas of research.

The purpose of this article is to describe the technology of generating information security specialist readiness indicators as part of the trusted digital environment.

The specialist readiness indicator is directly related to the subject area, therefore, the specialist readiness technology is logical to build from these positions. Let's take a look at information security. The effective solution of problems in this area requires highly organized, highly qualified personnel support, ranging from the employment procedure to continuous processes of advanced training, retraining taking into account program and technological, organizational changes in the information security of the open state. Moreover, the procedure of employing a specialist from the position of a readiness indicator involves an analysis of its characteristics, while the working process is accompanied by the effect of accumulative frequencies of the factors included in it, as well as the formation of additional links [ 14 ].

According to the Law on Education, "the education system creates conditions for continuing education through the implementation of basic educational programs and various additional educational programs, the provision of the opportunity to simultaneously master several educational programs, as well as taking into account the available education, qualifications, practical experience in obtaining education". In the context of continuing education, we will formulate the main stages of the development of the indicator of readiness of information security specialists (Figure 1). General secondary education •1) preschool education ; •2) elementary education; •3) common secondary education; •4) general secondary education.

Professional education •1) common professional education; •2) higher education - undergraduate studies; •3) higher education - specialty, master's degree; •4) higher education- training of highly qualified specialists.

Aditional education • aditional education$ •aditional professional education.

Therefore, to generate a readiness index, it is necessary to enter a group of cumulative factors for the assessment of soft skills and hard skills, as well as nominal characteristics with branching by categories and types/forms of education.

Within the project supported by Charity Foundation of Potanin in 2021 in FGBOOU WAUGH "Novosibirsk State Technical University" is developed in the scientific purposes the automated system of assessment of an indicator of readiness of experts of the direction 10.03.01 "Information security" and 10.05.03 "Information security of the automated systems". This system is a tool for monitoring and analyzing training results. The impact of gamblers in the implementation of programs for the education of an enlarged group of specialties 10.00.00 "Information Security" [ 7, 12 ] is also evaluated.

Implementation of the automated system for the readiness indicator modeling can be one of the useful methods. Algorithm or the comprehensive approach to the estimation of specialists readiness, based on the results of the expert questioning, accumulated frequencies (fuzzy model with linguistic and point scales). It consists of the next blocks:

To create and operate the above-mentioned system, a generalized algorithm for estimating the readiness indicator is implemented as the result of the following units:

Block 1. Modeling the definition of readiness indicator.

Block 2. Generation of readiness indicators benchmarks.

Block 3. Procedure for assessment of readiness indicator.

Block 4. Generalization and interpretation of the results.

Block 5. Forming of conclusions and adjustment of model.

Block 1 is one of the most complexes since it involves the analysis and formalization of criteria and the selection of readiness indicator indicators. Every indicator contains both quantitative and qualitative indicators. Quantitative indicators include specialty/direction data resulting from the competency model in the section of the blocks of disciplines of the curriculum. Qualitative indicators represent a complex of psychophysiological characteristics within the framework of the given direction. Quantitative criteria for choosing indicators should be valid, effective, systemic, and measurable (the quantitative and quality aspects).

The technology for generating the specialist readiness indicator is presented in the form of a multilevel structure and involves a consistent solution at all stages: stage 1, stage 2, stage 3.

Stage 1 is time-consuming because it requires the collection and processing of information. By the indicator of readiness of a graduate at this stage is understood: the level of educational achievements of a graduate of an educational institution; an indicator of psychological indicators; the level of interest of the graduate in the field of information security. form: 1. The level of readiness of a student to study at a university ( 011) is an expression of the following where где j – the result of curriculum training (1<jn, n – disciplines curriculum); - coefficient of the significance of disciplines j (0 < < 1); - total result Хi by discipline j (25 ≤ ≤ 100); – summary coefficient of significance (0 < < 1); weight wi={0, 1}, - total graduated result Хi of discipline j (25 ≤

≤ 100); – number of disciplines in curriculum training part j.

2. The indicator of psychological suitability ( 021) is a complex three-component qualitative indicator that combines data on the attention, accuracy of a graduate when working with service documentation, etc. Evaluation is carried out on 5 levels: A - high, B - above average, C - medium, D below average, E - low. interest of a graduate of an educational institution based on comprehensive methods. 3. The level of interest in the field of information security ( 031,%) is an assessment of the level of Stage 2 includes the professional selection of applicants based on the set of obtained indicators.

Stage 3 involves the formation of a readiness indicator based on the entire period of study at the university. The indicator takes into account the set of nominal and calculated characteristics.

An integral evaluation in a theoretical and practical context is a weighted average estimate. As weights, we take the normalized coefficient of significance, calculated as the results of an expert survey: =1 =1 =1 =1 =

∑ ⋅ ∑ ⋅ + (1 − )⋅ = ∑ С ⋅ ∑ К ⋅ + (1 − )⋅ ⋅ ∑

=1 + ∑ = +1 + ∑ = +1 ⋅ ∑ =1 ⋅ ⋅ where – normalized coefficient of the significance of discipline i; , - normalized coefficient of significance competency (discipline group C and discipline group O); α - coefficient of the significance of competency O; n, m – number of competencies C and O accordingly; and С С ( and ) – the total result of competency j cycle of disciplines C and O accordingly; k1 and k2 – number of disciplines by realized C and O competencies; k – total number of disciplines.

The type of parameters of the common educational component (readiness indicator) of information security is shown in Table 2.

Different information security initiatives are being carried out to improve the educational component (readiness indicator) of information security specialists. An example of the quest is a game held at Novosibirsk Technical University for students of the direction of information security.

Using role-playing games for information security awareness tasks has many benefits. In addition to the clear task of simulating a real situation, we can also note the removal of psychological barriers in the interaction of players, and gaining access to practical cases that are difficult to integrate into other types of games. In recent years, there are a lot of various types of games based on the use of roles that are widely represented in information security training tasks [ 2, 4-6, 10 ]. Tasks used in these types of games must be usually connected in logical chains or performed in quest’s form, and also contain keys or a fixed execution scheme. It should be noted that a large number of ethical hacking competitions are organized as Capture The Flag (CTF) in Novosibirsk Technical University. The game takes place in the digital world, while each team must protect and attack vulnerable systems and collect the flags which are alphanumeric strings. Each challenge has a description, related files, or website links, 2 featuring potential hints, and the number of reward points which each participant or team collects after a successful flag submission [ 2, 4-6,10,13 ]. Groups or individual participants are trying to collect as many reward points as possible within a certain time. The winner is the individual or the team with the most collected reward points [ 6 ]. (2) (3)

The technology of formation of qualitative and quantitative indicators in the form of the information security specialist readiness as an element of a trusted environment figure has been tested in Novosibirsk technical university. Students of different specialties (10.03.01 Information security, 10.05.03 Information security of automized systems) took part in this experiment (department information security). Thus, experimental work on the formation of indicators of readiness of specialists in the field of information security was carried out in the period 2020-2021.

The formation of readiness indicators of information security specialists, interaction with employers contributed to increasing the responsibility of all participants in the educational process for the total results. The results of pedagogical monitoring were: a clearer organization of practices, improved educational programs of some disciplines, modified educational and methodological complexes, modernized laboratory installations.

Teachers noted the increased interest of students in the learning process. From these positions, the motivational factor for learning was investigated throughout the training period according to the modified methodology. Table 4.4 presents the structure of educational motivation of students of different groups throughout the entire period of study. In the motivational structure of students, motives related to professional self-realization in the field of information security, as well as educational and cognitive motives, occupied a leading place. These groups of motives for senior students are real and encouraging since they are associated with close professional goals. According to teachers, the awareness of the process of forming an indicator of readiness as a result of the training was an important factor affecting the motivational structure of students in the information security direction

The dynamics of structural elements of the readiness indicator on average (levels of theoretical knowledge, practical skills) are positive. Individual psychological qualities were assessed by specialists of the professional psychological selection group using a set of psychodiagnostic methods and tests taking into account modern requirements for an information protection specialist.

The experts of the commission, when assessing the psychological qualities of specialists in the field of information security, concluded the professional suitability of graduates based on levels of determination, mindfulness, stress resistance, and others.

To improve the interaction of the modern labor market and the continuous system of employment education, the option of creating federal and regional e-employment operators (FO and RO) was proposed. The conceptual scheme of the electronic employment operator in the modern labor market determines the interaction at two levels: federal and regional. The federal level is implemented by introducing the Federal Economic and Social Fund, the functions of which should include: the creation of single information space for storing and processing personal data, the creation of a state system for ensuring integrated information security, and the organization of bilateral communication with the Federal Economic and Economic Council (processing requests). RO implements the functions of the state computer system with the corresponding services providing it, designed to edit and add indicators of readiness of specialists, and also organizes two-way feedback with the continuous education system and the labor market through the specialist readiness indicator mechanism on request.

Problem stating. Let L be the Federal Electronic Employment Operator (FO); Rj - Regional eemployment operator (RO), where j = 1.. n (n is the number of regions); - graduating educational institutions, where i = 1.. mj (mj is the number of educational institutions); - employers' organizations, where k = 1.. pj (pj is the number of employers organizations). It is necessary to build a simplified conceptual model with feedback on the functioning of the e-employment operator in the modern labor market to increase the effectiveness of the interaction between the modern labor market and the continuous education system, the quality and speed of the provision of public employment services (Figure 3).

In the framework of the theoretic-multiple models of the FO and RO, we consider network paradigms (Petri networks and their extensions) of structuring causal connections and modeling systems with parallel processes that serve to stratify and traditive the dynamics and discrete-continuous systems.

The use of Petri networks has proved their validity in various fields: the development of communication protocols, parallel and distributed systems, verification of object-oriented programs, etc. [ 2 ]. Modeling in Petri networks is carried out at the event level and is widely used in modeling socially significant areas of human activity.

The Petri MA network is presented as a tuple of the form (4):

< S, TY, IN, OUT >, (4) where S - a non-empty set of educational results, results of competencies formation according to the direction/specialty of training, "Psychophysiological characteristics" (PSFH); TY={tij, t’ij, yij, y’ij}2,n1+n2 is a finally non-empty set of communications (transitions); IN: (S×TY)→N a set of input one-to-one matching functions of a set of vertices and transitions; OUT: (S×TY)→N a set of output one-to-one matching functions of a set of vertices and transitions in the context of continuous education, namely:

OUT1- The outcome of the general education; OUT2 - The outcome of the higher education/secondary special education disciplines; OUT3 - Employment through FO and RO (Figure 3).

A model of the process of forming the threshold level of the applicant of the output function OUT1 is a Petri network with nodes and connections in the form of sets of disciplines, PSFX, and processes of their formation. The initial marking of the network determines the level of the preschool of the educational institution (IN1,..INn). Markers of transitions of TY={tij,t’ij, yij, y’ij}2,n1+n2 represent threshold values potentials of studying a complex of disciplines of a set of TY according to the list of entrance functions.

The article proposes the technology of forming a qualitative and quantitative indicator in the form of an indicator of readiness of an information security specialist as an element of a trusted environment figure. The article proposes also a simulation model of the functioning of the FO and RO in the modern labor market based on the Petri network. The Petri network is a set of functional transitions between node elements, presented in the form of results of specialized educational programs, results of competency formation, psychophysiological characteristics for any training direction/specialty.

The operation of the FO and RO, which are based on the State information system for processing multisociometric components, contributes to the effective and expeditious interactions between the modern labor market and the continuous education system, as well as the timely provision of public employment services.

The proposed algorithm involves Big Data processing. The modern level of informatization allows us to automate the process without any difficulties since the tools of fuzzy mathematics used are easily programmable and do not require specialized hardware. Developed based on fuzzy logic algorithms, the Automated System allows not only to determine the importance of criteria and analyze expert data following them but also to interpret the obtained calculations in the form of recommendations for eliminating identified shortcomings. Also, the proposed information system allows selecting experts to participate in the quality assessment of the assessed system by the expert qualification criteria in the area under consideration, using fuzzy mathematical algorithms [ 9 ]. The information system is currently in trial operation. A detailed description of functions and capabilities is not subject to this article and will be submitted upon receipt of the certificate of state registration of software.

Thus, the availability of quality assessments will be useful in the implementation of a coherent, interconnected system of expert actions aimed at achieving the goals and results of evaluation activities at each stage of the generalized algorithm.

When assessing the readiness indicator, the principle of an integrated approach reflects the need to take into account all evaluation criteria, as well as emerging socially significant needs and results of activities in all cycles of individual activity.

This work was supported by the Vladimir Potanin Foundation for Basic Research project No GK21001229.