Risk Analysis and Determination of the Security Level of the Information Ecosystem of the Educational Institution with the Help of an Expert System Valeriia Loiko1, Olena Aleksandrova1, Vitalii Zavadskyi1, Tatiana Bezprozvanna1, and Kateryna Pozdieieva1 1 Borys Grinchenko Kyiv University, 18/2 Bulvarno-Kudriavska str., 04053, Kyiv, Ukraine Abstract The method of determining the security level of the information ecosystem of the educational institution with the help of an expert system and risk analysis are proposed in the development. The proposed method allows to calculate the integrated indicator of the security level of the information ecosystem of the educational institution in quantitative terms and to translate this indicator into a qualitative dimension in accordance with Harrington’s theory. The obtained results of calculations of the level of the information ecosystem of the educational institution are used by the administration of the educational institution for making managerial decisions with the help of the expert system. Keywords 1 Information ecosystem, economic security, educational institution, risks, analysis, policy, money, expert system. 1. Introduction Information is the basis of information security of any business entity and educational institution as well. Since information does not exist as a separate object, but is produced, distributed and consumed by people, it is reasonable to study not the information as a separate object, but the information ecosystem. Information ecosystems are a fairly new object of study for scientists. The information ecosystem is classified as a system that is able to manage information, build relationships between objects and is unique to each organization [1]. The peculiarity of information ecosystems is that the central core of this system is a person and information is an important element of life for him or her, because the person makes decisions on the basis of the received information. In today’s world, people receive, produce and transmit information every second. There is an infrastructure for the transfer of information, which is constantly updated. These updates change the amount and speed of information transfer. Since information can be distorted or lost at any stage of its transfer to humans, the risks that arise in information ecosystems should be investigated. Loss or distortion of information in information ecosystems leads to loss of money and damages in the institution. This requires the study of those risks that can lead to negative economic consequences. Educational institutions are a source of information that forms an educated modern person in the process of teaching in secondary education, and forms future professionals in the process of teaching in higher education institutions. Therefore, the importance of information in educational institutions is undeniable. In order to quantify the level of the information ecosystem, it is advisable to use the term “information security” as a component of the economic security of the educational institution. Modern information ecosystems of educational institutions are little studied in the works of scientists, so it is reasonable to pay attention to risk analysis CPITS-II-2021: Cybersecurity Providing in Information and Telecommunication Systems, October 26, 2021, Kyiv, Ukraine EMAIL: v.loiko@kubg.edu.ua (V. Loiko); o.aleksandrova@kubg.edu.ua (O. Aleksandrova); v.zavadskyi@kubg.edu.ua (V. Zavadskyi); t.bezprozvanna.asp@kubg.edu.ua (T. Bezprozvanna); k.pozdieieva.asp@kubg.edu.ua (K. Pozdieieva) ORCID: 0000-0003-3248-1585 (V. Loiko); 0000-0003-0030-1367 (O. Aleksandrova); 0000-0002-0384-5979 (V. Zavadskyi); 0000-0003- 2056-4922 (T. Bezprozvanna); 0000-0003-3011-903Х (K. Pozdieieva) ©️ 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (CEUR-WS.org) 260 and determination of the security level of the information ecosystem of educational institutions in the context of economic security with the help of an expert system. Analysis of recent research and publications. A limited number of works by foreign and domestic researchers is devoted to the issue of identification and classification of information ecosystem risks [2–8]. In the listed article of the journal [2], the author proposes a basic algorithm for risk identification in the risk management system. The article of the journal [3] indicates the information component, the quantitative level of which can be calculated using the selected single indicators, in the economic security of the university. The Internet article [4] examines the current state of the cybersecurity ecosystem in Ukraine and draws conclusions about the need to train specialists in the country’s universities, namely managers and marketers adapted to cybersecurity. In the article of the journal [5] the author presents a structural model of the innovative ecosystem of the university and lists the problems that hinder the development of information ecosystems in universities. The method of diagnosing the state of economic security of educational institutions in terms of functional components is described in the article in the journal [4]. In the article [6], the author considers the information that we receive every day through the media as a critical infrastructure that is subject to protection by the state. This view is also relevant to the information ecosystems of universities, where a large amount of information is produced, accumulated, transmitted and stored. The impact of the information ecosystem of educational institutions on the quality of education is considered in the article [7]. The monograph [8] presents the results of a study on state regulation of the information sphere of the national economy as a whole, which are relevant to the national education system. The article of the journal [9] considers the problem of using expert systems for economic calculations, in particular, for the definition of an integrated indicator of the level of economic securityи. The purpose of the article. The purpose of the article is to develop methodological bases and establish quantitative parameters for determining the security level and analyzing risks in the information ecosystem of the educational institution in the context of economic security with the help of an expert system. 2. Theoretical Fundamentals of Research Most educational institutions face a number of problematic issues of identifying, classifying and assessing the risks of the university’s information ecosystem and determining the security level of the information ecosystem in the context of economic security. The issue of ensuring the security of the information ecosystem has become especially relevant with the entry into force of quarantine restrictions due to the COVID-19 pandemic and the transfer of the educational process in educational institutions to distance mode. Many universities have faced problems with the quality of information support of the educational process and the quality of obtaining current official information by research and teaching staff of universities. The risks faced by universities in the field of information could not be assessed earlier for several reasons: firstly, due to a pandemic, the unusual situation, secondly, due to the lack of an approved methodology for assessing the risks of the university information ecosystem, thirdly, due to the lack of practical experience assessing the risks of the information ecosystem in universities and determining the security level of the information ecosystem in the context of ensuring the economic security of the university. The assessment of the security level of the information ecosystem of an educational institution involves bringing various criteria to a single universal criterion, namely, to an integrated indicator. The integrated indicator of the security level of the information ecosystem of an educational institution is a generalized estimate, which is determined by the desirability limit of individual indicators. The desirability limit means a quantitative measurement of the relative value of a specific single indicator of the security level of the information ecosystem of an educational institution. It can be determined using the Harrington function [10], which has the following formula (1): d j  exp exp yai  , (1) where у(аі) is a function related to individual indicators of the security level of the information ecosystem of the educational institution; аі is the value of individual indicators of the security level of the information ecosystem of the educational institution; і = 1…n, n is the number of indicators selected 261 for evaluation; dj are intervals of desirability of indicators; j = 1…m; m is the number of periods. The value of the indicator dj on the desirability scale is in a specific range from 0 to 1. If dj = 0, this value reflects the worst level of a single indicator of the security level of the information ecosystem. If dj =1, the level of the indicator is characterized as the best. The function that is related to the individual indicators of the security level of the information ecosystem of the educational institution is represented by formula (2): у   , b b a 0 1 (2) i where b0 and b1 are the coefficients of the function, which are determined by the following formulas (3, 4): n n n n  y  a  a   y  a 2 i i i i i (3) b 0 i 1 i 1 n i 1 n i 1 n , n  a  a  a 2 i i i i 1 i 1 i 1 n n n n  y  a  a   y  a 2 i i i i i (4) b1 i 1 i 1 n i 1 n i 1 n . n  a  a  a 2 i i i i 1 i 1 i 1 The limits of desirability may vary depending on the operating conditions and characteristics of the information ecosystem of the educational institution. A comprehensive assessment of the integrated indicator of the security level of the information ecosystem of an educational institution for each single indicator is considered as the geometric mean of the Harrington function for all indicators dj and is calculated by formula (5): n (5) К  d . n j 1 j After calculations, the quantitative parameter, namely the value of the integrated indicator of the security level of the information ecosystem of the educational institution is transferred into a qualitative dimension using the ranges of the security level of the information ecosystem of the educational institution in accordance with Harrington’s theory (Table 1). Table 1 Ranges of value of the integrated indicator of the security level of the information ecosystem of the educational institution according to Harrington’s theory Range of values Characteristics of evaluation 0.00–0.20 Unsatisfactory security level 0.21–0.36 Low security level 0.37–0.62 Satisfactory security level 0.63–0.79 Good security level 0.80–1.00 Excellent security level Source: Harrington (1965) Based on the obtained results of qualitative assessment of the level of the integrated indicator of the security level of the information ecosystem of the educational institution in accordance with Harrington’s theory, the administration of the educational institution makes management decisions to improve the security of the information ecosystem. To obtain the results of the indicator of the security level of the information ecosystem of the educational institution in the future, it is advisable to combine the proposed research methodology with predictive models. 262 3. Research Results The procedure for assessing the state and trends of the information ecosystem of an educational institution in the context of economic security requires a large amount of time-consuming calculations. Therefore, it is advisable to use the developed expert system ‘Software “Universal Expert”’ [11], which allows not only to calculate the level of economic security of the object, - in our case, the security level of the information ecosystem of the educational institution, - but also provides expert opinions on recommended actions to increase the level of economic security. The developed expert system “Universal expert” belongs to the combined type of expert systems. The expert system “Universal Expert” can be used to diagnose the level of economic security of the information ecosystem of an educational institution, to monitor and forecast. The knowledge base of the expert system “Universal Expert” consists of separate blocks: knowledge of the language of communication ensures the operation of the linguistic processor; knowledge of problem-solving processes and providing expert opinions ensure the work of the process interpreter; knowledge of ways of interpretation of knowledge provides work of the module of search of knowledge; additional decision-making knowledge is used for the expert opinion module. For the work of the economic expert system, in particular, the “Universal Expert,” it is necessary to create a database in which a large amount of information is stored and accumulated: financial and statistical reporting information and other data. The expert system “Universal Expert” also has a block of explanations for the user and comments on the actions of the expert system, which are a reference system. A dialog mode is provided for the user’s communication mode with the expert system “Universal Expert”. The user answers the list of questions concerning the information ecosystem of the educational institution determined by the expert and included in the expert system. According to the defined algorithm, the security level of the information ecosystem is calculated in the context of ensuring the economic security of the university and an expert opinion is given. The interface of the expert system “Universal Expert” allows to update the knowledge base, add some functions for additional calculations and clarifications, update existing methods of calculating the level of economic security, including the level of information ecosystem security, add forecast models to obtain forecast for the results. To obtain a predictable security level of the information ecosystem of the educational institution, it is needed to analyze the state of economic security for several adjacent periods to determine existing trends. Given the large number of factors that affect the information ecosystem of the educational institution, it is advisable to make a forecast for the short term as more reliable. According to the developed method of determining the security level of the information ecosystem in the context of economic security of the educational institution, it is proposed to identify four functional components to determine the security level of the information ecosystem in the context of economic security of the educational institution. These components characterize the technical condition of the information ecosystem of the educational institution, the endowment of human resources and the efficiency of the information ecosystem. The technical condition of the information ecosystem of the educational institution is assessed using the following single indicators: the provision of the educational institution with modern equipment, the availability of the Internet, ease of access to the network. Provision of human resources is proposed to be assessed using the following single indicators: staffing of employees who provide the information ecosystem of the educational institution, the compliance of their qualifications with the requirements. It is proposed to assess the effectiveness or efficiency of the information ecosystem through the speed of information transfer from administrative apparatus to subordinates, the accuracy and completeness of the information received, the availability of informal information in the educational institution and its impact on management decisions. It is proposed to assess the innovativeness of the information ecosystem of an educational institution by the following unit indicators: the number of innovations introduced into the information ecosystem of an educational institution during the year, the availability of own developments with registered intellectual property rights in the information ecosystem of an educational institution. Single indicators that could not be quantified or calculated according to certain formulas were quantified using expert assessments. The algorithm for calculating risk analysis and determining the security level of the information ecosystem in the context of economic security of the educational institution using an expert system is shown in Fig. 1. 263 Collection and preparation of data for risk analysis and determination of the level of security of the information ecosystem of the educational institution in the context of economic security with the help of an expert system Choice of methods of risk analysis and determination of the level of security of the information ecosystem in the context of ensuring the economic security of the educational institution Calculation of the quantitative value of the information level of the information ecosystem in the context of ensuring the economic security of educational institutions The level of error is Mathematical model error unacceptable analysis The level of error is acceptable Analysis and acceptance for further calculations of the value of the indicator of the level of security of the information ecosystem in the context of ensuring the economic security of the educational institution Data analysis with the use of new observations The level of Information ecosystem security indicator error analysis error is unacceptable The level of error is acceptable Analysis of the obtained results and application of the value of the information ecosystem security indicator in the context of ensuring the economic security of the educational institution for management decisions Figure 1: Algorithm of risk analysis and determination of the level of information ecosystem security in the context of economic security of an educational institution with the help of an expert system (proposed by the authors). 264 According to the proposed algorithm and the developed methodology, the level of information ecosystems of five educational institutions for the last three years was assessed using the expert system ‘Software “Universal Expert”’. The results of the calculations are given in Table 2. Table 2 The results of calculations of quantitative values of functional components and integrated indicator of the security level of information ecosystems of educational institutions Technical Provision of Efficiency of Innovativeness Integral index Period conditions in human the of the of the security information resources information information level of the ecosystem of in ecosystem of ecosystem of an information an information an educational educational ecosystem of educational ecosystem institution institution an educational institution of an institution educational institution Educational institution А 2018 0.765 0.753 0.532 0.239 0.520 2019 2020 0.778 0.783 0.543 0.275 0.549 0.805 0.801 0.698 0.312 0,612 Educational institution B 2018 0.654 0.543 0.402 0.101 0.346 2019 2020 0.689 0.672 0.531 0.154 0.441 0.723 0.734 0.602 0.176 0.487 Educational institution B 2018 0.834 0.738 0.781 0.264 0.596 2019 0.865 0.812 0.823 0.212 0.592 2020 0.887 0.847 0.853 0.276 0.641 Educational institution D 2018 0.683 0.564 0.643 0.187 0.464 2019 2020 0.725 0.679 0.671 0.232 0.526 0.789 0.726 0.698 0.321 0.598 Educational institution J 2018 0.678 0.762 0.563 0.121 0.433 2019 0.781 0.821 0.623 0.185 0.521 2020 0.792 0.854 0.689 0.197 0.550 Source: Compiled by authors According to the calculations of the quantitative value of the integrated index of the security level of the information ecosystem of the educational institution using the proposed method, the following conclusions were made. All objects of research, namely educational institutions, had a positive dynamics of changes in the integrated index of the security level of the information ecosystem. The conclusion can be made about the increasing level of information ecosystem in national educational institutions. This situation was facilitated by the fact that most educational institutions were forced to 265 work in distance learning mode due to quarantine restrictions during the COVID-19 pandemic. The transition to a distance learning system in national educational institutions has highlighted the problems of the information ecosystem. This concerned both the technical provision of educational institutions with means for distance teaching of academic disciplines and the level of staff training on the ability to use technical means for distance learning of students. The forced transition to distance learning has attracted the attention of the administration of educational institutions on the problems of information support of the learning process. Thus, it can be stated that the security level of all educational institutions, which were involved in the analysis, increased due to timely management decisions. According to the calculations of the quantitative value of the integrated index of the security level of the information ecosystem of the educational institution, it is necessary to analyze the qualitative state of the security level of the information ecosystem of the educational institution in accordance with D. Harrington’s theory (Table 3). Table 3 The determination of the security level of the information ecosystem of an educational institution according to the calculated integral index of the level Period Integral index of the Interval according The security level of the security level of the to information ecosystem of information ecosystem of D. Harrington’s an educational institution an educational institution theory Educational institution А 2018 0.520 0.37–0.62 Satisfactory security level 2019 0.549 0.37–0.62 Satisfactory security level 2020 0,612 0.37–0.62 Satisfactory security level Educational institution B 2018 0.346 0.21–0.36 Low security level 2019 0.441 0.37–0.62 Satisfactory security level 2020 0.487 0.37–0.62 Satisfactory security level Educational institution C 2018 0.596 0.37–0.62 Satisfactory security level 2019 0.592 0.37–0.62 Satisfactory security level 2020 0.641 0.63–0.79 Good security level Educational institution D 2018 0.464 0.37–0.62 Satisfactory security level 2019 0.526 0.37–0.62 Satisfactory security level 2020 0.598 0.37–0.62 Satisfactory security level Educational institution J 2018 0.433 0.37–0.62 Satisfactory security level 2019 0.521 0.37–0.62 Satisfactory security level 2020 0.550 0.37–0.62 Satisfactory security level Source: Compiled by authors According to the calculations and interpretation of numerical values of the security level of the information ecosystem of educational institutions, it can be concluded that all educational institutions had a sufficient security level. In 2020, only educational institution C received a “Good security level”. 266 In the course of the research, the identification and classification of risks of the information ecosystem of educational institutions have been conducted. Political and financial risks are among the most threatening types of risks that can negatively affect the security level of the information ecosystem of an educational institution [12, 13]. Political risks include: unstable political situation in Ukraine, annexation of part of the territory of Ukraine, military conflict in the East of Ukraine. Financial risks include: limited financial resources of educational institutions, failure to make full use of all opportunities of educational institutions to obtain additional financial resources, inefficient use of available financial resources in educational institutions. 4. Conclusions and Prospects of Further Research According to the calculations of the security level of the information ecosystem of educational institutions, it can be concluded that all educational institutions had a sufficient security level. Of course, the annual monitoring of the security level of the information ecosystem by the selected functional components will facilitate the timely adoption of management decisions and outline the risks that the educational institution has in the information ecosystem. The proposed method of determining the security level of the information ecosystem of educational institutions has been tested on the data of national educational institutions. To implement a large amount of calculations, the expert system ‘Software “Universal Expert”’ was used, which provided an opportunity to get accurate results faster. The application of the proposed algorithm of calculations, methods and expert system allows educational institutions to monitor the security level of the information ecosystem, which allows for timely management decisions. 5. References [1] M. Ugaz, A. B. Alva, Model for Effective Collaborative Learning in Virtual Worlds with Intelligent Agents, Handbook of Research on Interactive Information Quality in Expanding Social Network Communications, 2015. doi:10.4018/978-1-4666-7377-9.ch015. [2] V. Fedulova, Identification of risks as a component of risk management, Intelligence XXI 4 (2016) 29–45. [3] V. V. Loiko, et al., Methodical tools for security level diagnostics of the modern University’s, International Journal of Electronic Security and Digital Forensics 13(2) (2021) 115–132. doi:10.1504/IJESDF.2021.113385. [4] What the cybersecurity ecosystem of Ukraine looks like is the first major study. URL: https://ain.ua/2021/08/10/yak-viglyada%D1%94-ekosistema-kiberbezpeki-ukra%D1%97ni/. [5] L. Fedulova, Innovative ecosystem university, KNTEU Bulletin 4 (2016) 162–177. [6] S. Maliar, Critical infrastructure: safety challenges, Baltic Rim Economi, Bre rewiew, Pan- European Institute, 2019. [7] O. Aleksandrova, et al., Control of the quality assurance system at the modern Ukrainian university, Scientific Bulletin of National Mining University 2 (2019) 153–163. [8] A. E. Fedorenko, State regulation of the development of the information sphere of Ukraine in the conditions of transformation of the national economy, ChNTU, Chernihiv, 2020. [9] V. V. Loiko, D. М. Loiko, An expert system as a tool for determining the level of economic security, Scientific and Technical Information 3 (2015) 41–46. [10] E. C. Harrington, The Desirability Function. Industrial Quality Control. 1965. [11] V. V. Lukin, D. M. Loiko, V. V. Loiko, Computer program “Universal Expert” software. Certificate of registration of copyright to the work #41023, Nov. 18, 2011. [12] ISO 31000:2018. Risk management—Guidelines. URL: https://www.iso.org/ru/standard/ 65694.html. [13] On Risk Classification—American Academy of Actuaries. A Public Policy Washington, 2011. URL: https://www.actuary.org/sites/default/files/files/publications/RCWG_RiskMonograph_ Nov2011.pdf. 267