The creation of a DEEU is a key element of the modern educational system in any developed country. Publications [1–3] show that with the development of Information Technologies (IT), a high-quality DEEU contributes significantly to the improvement of the quality of education. The creation of a centralized information management system has several important reasons: relevance and accessibility of information, interactive training, flexibility and mobility, individualization of training, development of digital skills, saving resources of educational institutions, etc. [4, 5]. During training, students leave various so-called DTs. Here is just a small list of such DTs left by students during their studies and interactions with the DEEU [6–8]: email; online learning platforms; social media; digital files; internet searches; etc. These DTs can be useful for students, teachers, and university administrators for tracking educational progress, assessing work, communicating, and analyzing data to improve the quality of the educational process. No less important, however, is the task of ensuring the confidentiality and protection of these DTs and the personal data of students and teachers. The latter is because in many cases the DT of DEEU users contain personal information. Therefore, the information contained in the DT may be subject to cyber-attacks or misuse. In the context of the globalization of education [9], universities should adapt their IS policies to protect data in the DT to the maximum extent possible, and inform students of the institution’s strategy for protecting user data, its IS policy, and specific practices for protecting their DT [ 10–12 ].

Information security of the DEEU is a complex system that provides for the protection of the information space available in an educational institution. Such a system or systems make it impossible to damage or steal the personal data of participants in the educational process, as well as information that has financial, intellectual value, etc. Ensuring the effective functioning of the information security system of DEEU requires the expenditure of certain financial resources within the framework of the data protection strategy chosen by the educational institution. When developing such a strategy, it is advisable to take into account factors of the external and internal environment, since achieving an optimal result can only be achieved if a balance is found between the available capabilities and the desired results. These results also include the integral goal of improving the quality of education by leveraging the potential of all forms of organizing the educational process and developing the infrastructure of universities in the context of digital transformation. In such a situation, for the management of an educational institution and personnel responsible for information security policy, a context-driven approach to intelligent decision support for ensuring information security of the centralized information security system based on the analysis of users’ central systems may become in demand.

All of the above predetermined our interest in research in this area.

The purpose of the study is to develop an algorithm for a decision support system that, based on the analysis of DT, contributes to improving the quality of education and the degree of security of the DEEU.

When analyzing DT in a DEEU, administrators, and information security specialists are most often concerned with analyzing log files. In addition, log files and DT are related in the context of analyzing digital evidence of user actions. Here are just a few examples of the relationship between log files and users’ DT in the CSO: information storage in the DEEU; event recovery; data analysis; etc. Thus, log files and DT are interrelated, since log files contain information about events and actions that can be analyzed to identify, locate, and interpret DT in the context of analyzing digital evidence of the activities of users of DT, both in the context of improving the quality of the educational process and in the context of IS DEEU. Log files are independent characteristics of a user’s work on the university network. They contain information about system logins, resource usage, errors, network activity, and other events in the data center.

However, to fully understand the context of a user’s experience, log files typically require analysis and interpretation by other tools.

Contextual characteristics of a user’s experience in the DEEU can include information about time, location, applications used, and other factors that may be related to the user’s specific situation or task in the DEEU. These characteristics can be extracted from log files. However, additional analysis and context is usually required. Such analysis can be implemented using specialized software, such as Splunk, ELK Stack (a software stack that includes Elasticsearch, Logstash, and Kibana), etc. [ 13, 14 ].

The level of security of the DEEU can be increased in particular by using decision support systems, artificial intelligence, and machine learning methods.

In the context of the research objectives, it is necessary to develop an algorithm for DSS that, based on the analysis of the DT, helps to improve the quality of education and the level of security of the DEEU. In the approach proposed below, artificial intelligence is expressed through machine learning techniques using matrix factorization.

We believe that the DEEU has many users: and tasks related to information security U = {u1, …, un} both educational tasks E = {e1, …, em} and tasks related to IS DEEU—S = {s1, …, sk}.

Then administrators of the DEEU have access to matrices containing, for example: • Ratings are given by users based on their

priority for educational tasks—MEn×m. • And, also characterizing the user from the point of view of compliance with information security rules when working in the DEEU—MSn×k.

In the matrix MEn×m, a certain number is put in place of meij(i∈1, …, n; j∈1, …, m) if the user of the DEEU (ui) evaluates the task (ej) based on his priorities, and remains empty otherwise.

Data is taken based on user DT from Moodle, Blackboard, Canvas, Google Classroom, etc.

To fill out the second matrix according to the criteria for safe behavior in the DEEU, we will identify the following types of users according to the level of their competence in information security issues:

Knowledgeable users. This group includes users who are well aware of the information security risks in the university network or the DEEU as a whole. Such users take active measures to ensure the information security of their data and accounts in the DEEU. Such users punctually follow recommendations for creating complex passwords, regularly update software, do not open suspicious links or attachments in emails, and use reliable antivirus software.

Careless users. This group includes users who do not pay due attention to information security measures. Consequently, they are quite vulnerable to attacks, both external and internal.

Users of this group typically use weak passwords and repeat them for different accounts. These users, usually, ignore suspicious activity on the network and do not comply with measures to protect their data in the DEEU.

Unaware users. This group includes users who do not have a sufficient level of knowledge about information security measures when working on the network. They may not be aware of the risks associated with opening suspicious links, and they may not be familiar with the rules for using public Wi-Fi networks in the DEEU. Such users install untrustworthy software without fear and often transmit confidential data through unsecured communication channels.

Indifferent users. This group includes users who do not show any interest in information security issues on the university network and who do not adhere to basic information security measures.

Irresponsible users. This group includes users of the DEEU who violate the rules and policies of information security on the university network. They may attempt to gain unauthorized access to the DEEU, distribute malware, violate data confidentiality, or engage in fraudulent activities within the DEEU.

The above categorization of user types is rather arbitrary. As noted in [15], there are no clear boundaries between the mentioned categories of users. As they gain knowledge, for example through relevant courses in university curricula, users may move from one type to another, recognizing the importance of online information security and taking appropriate measures to protect their data and accounts.

Then in the matrix MSn×k, a certain number is placed in place msij(i∈1, …, n; j∈1, …, k) if the user of the DEEU (ui) is assigned to a certain group (sj), based on the style of his behavior in the DEEU in the context of compliance with information security rules.

In effect, this matrix displays data related to the information security competencies of students and employees. In a digitized form, such a matrix may contain, for example, the behavior style of a student or employee in information security matters. Such data has been obtained based on the analysis of the DT, e.g. using the methodology given in [16, 17].

Otherwise, i.e. when the IS style assessment is not performed, the space remains empty.

It is required to find vectors ( ̂ ), ( ̂ ) containing data about: 1. In the context of the formation of an individual educational trajectory of already known assessments of the user (ui), i.e. ( ̂ ). Also estimated estimates— (̂ ). 2. In the context of developing skills for safe work in the DEEU of already known skills, for example, based on the DT or testing results, i.e. ( ̂ ). Also estimated assessments, after the acquisition, of the relevant competencies in information security—( ̂ ).

Since one of the research objectives was to develop an algorithm for DSS, Matrix Factorization (MF) was used as a machine learning method. MF meant the decomposition of the original matrix into the product of two matrices of small rank [18, 19]. Accordingly, the interaction of users with an object will be modeled as a scalar product of vectors of representation of users and objects in a factor space relating, for example, to the competencies of students in information security issues. Note that factorization models have proven themselves well when working with highly sparse matrices [18, 19]. This is because MF allows you to extract hidden dependencies based on the analysis of users’ DT in the DEEU and make predictions based on large volumes of information circulating in any educational institution.

In the context of machine learning, DSS MF can be used, for example, for the tasks of developing recommendations related both to improving the quality of the educational process as a whole and to individual competencies of students and employees, for example in information security.

Since working with matrices is similar, in the context of this study we consider only the algorithm for working with the matrix of student assessments in the DEEU, see Table 1 and Fig. 1.

Let us present the assessment matrix MEn×m as a product of two matrices:

Matrix An×w, which includes a numerical description of hidden (latent) characteristics of users (for example, behavioral patterns: regularity of activity in the DEEU, frequency and time of entry into the DEEU, typical activity intervals; content consumption; access level, etc., frequency of erroneous logins, attempts to access prohibited resources, etc., as well as explicit ones (course, age, average grades, etc.).

Matrix Bw×u, which characterizes educational tasks, for example, the priority of courses in IT and/or information security for the formation of an individual educational trajectory.

We fill in random variables based on the law of uniform distribution on the interval 0; maxmeij / k 

of the latent characteristics for, respectively, the matrices A and B.

Then solve the minimization problem using the dependence (1): argmin ME − M^E + B +  A , (1) where ME is the matrix that is obtained as a result of approximation from the matrices A and B, α, β which are algorithm parameters.

At each step of the iterative algorithm, error minimization will include the following steps presented in Table 1 and Fig. 1. As the volume of data obtained increases, and therefore the data sparsity decreases, an increase in the number of iterations may be required. Control of the number of iterations can be automated. Currently, the development of appropriate software is underway, with the help of which, after factorization and comparison of the accuracy of predictions with past results, it will be possible to develop, using DSS, to improve the quality of the educational process, and, in particular, competencies in information security. If the prediction accuracy Air = Air − v(BrEj + Air ), where r 1,...,k,  − regulatory parameter. v − learning rate ^  = me − me, j 1,...,m Brj = Brj − v(AiEr + Brj ) decreases, the number of iterations should be increased. Otherwise, the number of iterations, see Fig. 1, will not change.

As an alternative, the acceptable factorization precision can be specified. If this accuracy is achieved, then the algorithm shown in Fig. 1 stops. As indicated above, working with the second matrix, concerning the categorization of user types on information security issues, is similar.

As part of the study, an algorithm was proposed for a DSS that helps improve the quality of education and the degree of security of the DEEU based on the analysis of users’ DT. The algorithm is based on matrix factorization of users’ DT in the DEEU. The proposed solution allows us to mitigate the problem of developing the competency profile of students and employees, primarily in matters of acquiring IS skills. This, in our opinion, generally contributes to increasing the degree of security of the central communication system. Mastering new competencies related to information security issues expands the profile of not only students but also university employees. This, ultimately, contributes to the formation of future specialists who have a proactive position in information security issues and are capable of self-organization in this subject area. It is shown that the implementation of artificial intelligence methods in such DSS can be realized based on machine learning using matrix factorization. The implementation of such intellectual tools in such DSS will make it possible to qualitatively select educational material, in particular, on information security issues. Such material will be of interest to students since it is focused on their characteristics and will involve them in the learning process as much as possible.

The work was carried out within the framework of grant research IRN AR 19678846 “Increasing the efficiency of hybrid and distance forms of organizing the educational process based on the development of university infrastructure in the context of digital transformation” (Republic of Kazakhstan).