In particular, adequate approaches to assessing the quality of system functioning allow formalizing the task of ensuring functional stability and timely responding to external influences.

To assess the quality of functioning of a complex organizational and technical system, we will use the tasks of collective arrangement of objects, which are a wide class of tasks for modelling practical situations in different subject areas [10, 11]. Modelling and optimization problems of functional stabilityin terms of decision-making theory using expert technologies is a promising area of research [12, 13].

The traditional measure of management quality exists for closed (stable) cybernetic systems, within defined variable boundaries, aligned with the system's structure goals. When this system loses functional stability, the concept of management quality ceases to exist, and a new structure will have its own management quality. To ensure the reliable functioning of this model, the organizational system requires formal and documentary establishment of responsibility for task execution by employees.

In the work [14] there are different approaches to ensure protection of information stored in an enterprise's organizational system. The main focus of experts in this area is on adaptive security approach. Security assessments have long been regarded as an activity that usually requires human experience and a thorough understanding of policies and standards. However, once data volume is large and very diverse, the amount of time and money required to determine compliance with existing regulatory standards and policies rises, as well as the number of possible inaccuracies, measurement errors, misinterpretations, etc.

In [15, 16], the authors describe maturity models, describe and determine the state of perfection or completeness (maturity) of certain capabilities. The application of this concept is not limited to any particular domain. The progress in maturity can either be seen as a defined evolution path (life cycle perspective) or potential or desired improvements (potential performance perspective). Therefore, maturity models define simplified maturity stages or levels which measure the completeness of the analyzed objects via different sets of (multidimensional) criteria.

In the work [14], the levels of Maturity is the result of the assessment of the fulfillment of the factors and indicators within the areas or dimensions of the organization.

In a systematic review of literature, Schweigertet al. identifies around 40 maturity models for agile development. Despite the increasing need for agile maturity models, none of the models proposed in the literature are commonly used in practice or academia, according to the findings [7].

Paper [15] presents various approaches to ensure complex protection in enterprise organizational systems. The main effort of experts in this field is on adaptive security systems. Security assessments usually regarded as an activity that requires human experience and a deep understanding of standards and policies. If the volume of data is large and diverse, the amount of money and time required to determine compliance to regulatory standards and policies is high enough, as well as the number of possible measurement errors, inaccuracies, misinterpretations, etc.

Paper [16] presents some maturity models. The state of perfection and completeness for certain capabilities is described. The applications of the concept presented are not limited to any particular domain. The progress in maturity can either be seen as a defined evolution path from life cycle perspective or as desired improvements from potential performance perspective. Thus, maturity models define simplified maturity levels which represent the completeness of the analyzed objects via different sets of multi-dimensional criteria [17, 18].

With some conventionality, we can assume that the purpose of a complex system is the sequential or parallel execution of a set of tasks that ensure the reliable operation of all elements of the system. Given this assumption, we will consider the model of complex security of a complex system. Let some resultant ordering n functions (tasks, operations) R* = (ai1 ,..., ain ) , ij  I = 1,..., n, j  I , be given, which is built considering the sequence of tasks, which characterizes the functioning of some organizational and technical system. Ordering R * reflects the logic of solving the problem faced by the system, and is built on the basis of individual ordering of tasks, which are performed by k system elements Ri = (a1i ,..., an ), i  J = 1,..., k, i where ni ,i  J ,− the number of tasks in the individual arrangements that are performed by i − th system elements. We denote by Ai , i  J , the subset of functions, performed by i − th system element. Each task ensures the quality and safe operation of organizational system from the set of tasks A = a1,...an is characterized by two parameters: ci0 − the nominal cost of execution or the need for a resource, i  I ; ti0 − nominal execution time, i  I .

When performing the i − th task of some j − th organizational system element, it is known: cij − the real cost of the task, i  I , j  J ; tij − real-time task execution, i  I , j  J .

In the process of functioning in real conditions, the situation described in the problem statement can differ significantly from the idealized one. In the event of temporary or long-term failure of a system element, all functions to be performed by this element are not performed by the system. To perform them, it is necessary to decide on the redistribution of functions or their replacement.

We suppose, that i − th system element is absent and subset Ai , i  J , tasks are performed by element with index j, j  J , or several elements ( ki , ki  k, ) with indexes jt  J \ {i}, t = 1,..., ki. Thus, according to the accepted heuristics [19], quality of the subset problems performance Ai , i  J , can be close to 80% of the nominal. And due to the additional load on items with indexes jt  J \ {i}, t = 1,..., ki , the quality of subset tasks performance A jt , jt  J , t  J \ i, i  J , will also decrease significantly.

Quality of task performance from a subset Ai,i  J, and A jt , jt  J , t  J \ i, i  J , can be set in the described case also by membership functions (MF) ij (x),i  J , j  J i , де x  100%, J i − a set of subtask indexes belonging to a subset of tasks Ai , i  J.

That is, with a significant additional load on the element of the system, which is transferred to perform the tasks of the missing element, significantly reduces not only the quality of new tasks, but also the tasks, that it previously performed in a normal mode. This model should consider additional features: • with a significant additional load on the system element, the quality of additional tasks significantly decreases, for example, by a linear function, the parameters of which can be assigned separately for each decision situation; • the load on the elements of the system cannot exceed a given value, for example, 2 T , where T is the time limit.

Heuristics E1. The element of a complex system, to which the execution of functions (subtasks) is delegated, must dominated the quality of temporary replacement of the subtask execution and perform subtasks of providing the relevant security service no worse than the previous element.

In the models, discussed in this work, the connections between elements and the functions, which they perform, are usually one-sided. To assess the quality of complex organizational system functioning, we will use a number of heuristics, that allow us to define a poorly structured problem and formalize the various manifestations of uncertainty, that naturally arises in the functioning of complex systems.

The description of the considering problem in terms of functional stability is reasonable and perspective. Modeling the functioning of the system, using orders and quasi-orders [20, 21] does not always give a positive result. At the same time, the use of an incident matrix can lead to a significant loss of information about the features of the implementation of IT-processes in the system.

To describe the model of functional stability of the system, we introduce several heuristics. Heuristics E2. The system element performs its main functions with 100% quality.

Heuristics E3. Execution of functions for a longer period of time causes a decrease in the quality of function implementation. The most difficult stage of functional analysis is to determine the effects and the level of their intensity for critical elements. Actually, functional analysis is to identify and classify such critical elements.

Heuristics E4. There is an interchangeability of elements in the system. The quality of the replacement of a system element, that has temporarily or completely failed, can be critically low and even dangerous for the further functioning of the system. But it always exists and can be classified or digitized, for example, by expert methods.

Quality of functions performance from subsets

Ai , i  J , t  J \ i, i  J , can be set in the described case and by

A jt , jt  J , MF as well  ij ( x), i  J , j  J i , where x  100%, J i − the set of functions indexes belonging to a subset of functions of a particular system element Ai , i  J. That is, with a significant additional load on the element of the system, which is transferred to perform the task of the missing element, significantly reduces not only the quality of new tasks, but also the tasks that he previously performed normally. This model should consider additional features.

In addition, in a situation of long-term absence of a system element there are additional costs: losses in duplicate execution of subtasks described by MF; the cost of time and resources to find and replace the missing element of the system; payment for external recruitment or involvement of external repair services in technical systems; the cost of time and resources of the entire system, depending on the probability of a successful search for a replacement item that is excluded from the system; the cost of the procedure of adaptation of a new element, the cost of interaction with adjacent interconnected elements (the effectiveness of this procedure and its duration can also be described by MF); when modeling the described situation should also consider the duration of the new element in the system, the cost of functioning of such a set of tasks in the market and other factors. The calculation of the results of the integrated quality assessment of the functioning of the organizational and technical system is an important step in ensuring the decision-making. The high probability of realization of possible external and internal threats of cybersecurity requires immediate decision-making according to the situation. In addition, a person's ability to simultaneously analyze multiple indicators is limited. Therefore, the task of adequate determination of the integrated indicator of the quality of the system is relevant and its solution contributes to the rapid increase of the functional stability of the system.

Today there is a group of indicators that are used to determine the general condition of systems. One of the common tasks of expert evaluation [22] is the choice in a pre-fixed class of relations of some resulting (group, collective, compromise) connections. At the same time, on the basis of several contradictory indicators, the aggregation (generalization, etc.) of indicators into a single integrated indicator is carried out. To construct a convolution (generalized, aggregating, integral, integrative criterion of object quality) means to supplement a partial order on set of objects. This can be done in many ways and necessarily includes an element of subjectivity.

To determine the integrated assessment, we build a matrix of frequencies of different levels of functions quality V = (vij ), i = 1,...,100, j  n. Each row of this matrix displays the estimated level of function quality from 0% to 100%, and the column shows the number of functions with the specified level of performance. The granularity of the universal set must be considered.

To determine the integrated level of quality of the complex system at the first stage, we classify the functions by the level of quality and completeness of their implementation.

Heuristics E5. Integral quality requires the use of heuristics. An integrated assessment of the complex security system quality will be determined using an additive criterion. In this case, we use a number of heuristics that allow to justify the adequacy of the calculation of a single integral value of the criterion.

Determining the integrated level of complex weakly structured system functioning quality based on the analysis of interchangeability of its subsystems and determining the best options for improving the quality of functions requires the creation of an appropriate mathematical model.

In the general statement, the process of building an organizational and technical system can be seen as a decision-making process – that is, identifying options for hierarchy, interaction and interchange of system elements. With some conventionality, we can assume that the purpose of a complex system is the sequential or parallel execution of a set of tasks that ensure the reliable operation of all elements of the system. Based on this assumption, in the works [23, 24] the model of complex security of a complex system is considered and investigated.

The peculiarity of the system being modeled is that it has a hierarchical structure, and the functions performed by the system elements are not independent. In the general case, the following components should be considered when modeling the system: • the level of control of the element, the subordination of the element to the highest element in the hierarchy, the sets of subordinate elements of the lower level, functional subordination, basic functions, the level of quality of functions, related functions, the level of quality of related functions; • establishing hierarchical links between elements of the system and determining the levels of influence of one element on another or the absence of such influence; • the level of influence of the unit control element on the system as a whole; • the functional subordination of elements has a significant impact on the interaction between units; • level of influence according to the register of positions with double and triple subordination; • interaction between elements according to the register of functions at interaction between units: cross-functional business processes.

Decision-maker can choose one or more options for system management strategy to ensure its functional stability: • zero quality of performance of function is allowed, i.e. decision-making of decision-maker that function for some time or forever is not carried out by an element and system as a whole is allowed; • ignore the need to perform some function and thus change the structure of the system; • replace a system element or some of its functions with another element, realizing that the quality of functioning of the entire system will be lost; • decisions on the critical performance of certain functions or the admissibility of nonperformance of certain functions are made at a higher level of management.

This work does not describe the architecture of the system: we note only that it has a hierarchical structure. These aspects require further research and will not be considered in this work.

Nominal resource requirements, in particular, the cost and time of each function, have the values that are acquired when performing the function of complex security in normal mode when it is performed by an element of the system that performs the function according to the a priori approved staffing schedule and better perform no system element is capable of this function. Additional parameters may be specified for specific applications to ensure the reliable operation of the organizational system, but we will not consider them in this paper. In the process of functioning in real conditions, the situation described in the problem statement can differ significantly from the idealized one. In the event of temporary or long-term failure of a system element, all functions, which are performed by this element, are not performed by the system. To perform them, it is necessary to decide on the redistribution of functions or their replacement.

We can build a matrix of functions performed by system elements: F i = ( fi0 , fi1) , where fi0 = ( fij0 , j = 1,..., ni ),i  I − main functions vector of i − th system element, fi1 = ( fi1s,cis , s  j 1,..., ni , s = 1,..., i ),i  I − related functions matrix of i − th system element, cis , s  j 1,..., ni , s = 1,..., i ,i  I − performance quality level of s − th related function by i − th system element.

We denote by Ai , i  J , subset of functions performed by i − th system element.

Each task for ensuring the quality and safe operation of the organizational system from the set of tasks A = a1,...an is characterized by two parameters: ci0 − the nominal cost of execution or the need for a resource, i  I ; ti0 − nominal performing time, i  I .

Each element of the system in normal mode performs the tasks assigned to it and has limited ability to perform the entire subset of its tasks:

when for each element of the system or group of elements restrictions on resources on time of performance of a task are established. As we approach these limits, the quality of complex security of any element of the system drops significantly and there are threats to the complex security of the entire system.

Restriction ( 1 ) is the cost of performing tasks as an element of the organizational system – an analogue of the employee's salary in business process modeling, and restriction ( 2 ) is a time limit – an analogue of the monthly norms of working hours during the operation of organizations. When performing regulatory tasks defined by the nominal tactical and technical characteristics of the complex security system, the needs of the system and its elements in resources ( 1 ) - ( 2 ) are constant, and the quality of tasks by all subsystems and the system as a  cij = C j , j  J , aijA j tij = T , for j, j  J aij A j Note that restrictions may be imposed for some tasks tij = T j , j  J , aijA j ( 1 ) ( 2 ) whole is 100%. In practice, ensuring such a situation requires the use of significant resources and in some cases is unattainable.

Nominal tactical and technical characteristics of the complex security system are characterized by the need for various resources the most important of which in many organizations are: n  ci0i = C 0 – system operating budget, i=1 n ti0i = T 0 – the total need for time to perform system functions.

i=1

Suppose that i − th system element is absent and subset tasks Ai , i  J , are performed by the element with index

j, j  J , or several element ( ki , ki  k, ) with indexes jt  J \ {i}, t = 1,..., ki. Thus, according to the accepted heuristics, quality of the subset problems performance Ai , i  J , can be close to 80% of the nominal. And due to the additional load on items with indexes jt  J \ {i}, t = 1,..., ki , the quality of subset tasks performance A jt , jt  J , t  J \ i, i  J , will also decrease significantly.

All organizations strive to develop their staff, technology, culture, but most organizations do not bring their intangible assets to strategic alignment. With some conventionality, we can postulate that the key to creating such a correspondence is "granularity", or detailing, i.e. the operation is not general, but specific formulations.

Heuristics E6. We will consider, that at construction of model of system it was possible to distribute all functionality of its elements on such functions, which are the constant units commensurate with each other. That is, the complexity and quality of all functions can be considered as values of the same order. It should be remembered, that the functions, performed by the system, of course, are different in priority, importance, weight, impact on other functions, labor effort to implement them, and so on.

Sometimes it is enough to enter several subsets to digitize (arithmetic) the scale. To define the concept of security, the whole set of states of the system is divided into subsets: Sc − correct states (failures are absent); Sw − working states (there are one or more failures, that do not lead to change (deterioration) of the system parameters values due to the availability of redundancy); S z − protective states; Sn − dangerous states.

Existing tools for assessing the effectiveness of the organizational system, which are the result of the "best practice" use include models of maturity and models of process capabilities [14, 25]. Typically, various tools for evaluating the effectiveness of the complex security management system use a maturity assessment system, that scales from 0 to 5, with 5 being the highest level of maturity in Table 1.

To build an integral quality function, the decision-maker system determines discreteness or granularity: the heuristic, adopted depending on the desired level of detail, that suits the decision-maker, corresponds to the desired accuracy of the problem, the peculiarities of the used formulas and the allowable accuracy of calculations and rounding acceptable for decision making. An important feature, that affects the complexity, accuracy, adequacy of the model, is the choice of granularity size.

Heuristics E7. When determining the grain size, the expert can choose the intervals of 1%, 3%, 5%, 10%, etc. The choice of interval depends on the need to detail the task. It is important that the intervals are the same - for ease of calculation and sufficient intuitive validity. MF of a fuzzy set of type 2 and above will be called blurred MF. Blurred MF is interpreted as an area of insensitivity (inaccuracy, uncertainty) of the expert in determining the MF of objects x, x  X , to set A. The size of the interval, ie the "degree of confidence" of the expert in his assessment, is a characteristic of the quantitative measure of this inaccuracy. Formally, this uncertainty can be determined using "granularity" [26], which reflects the degree of inaccuracy of the measured parameter in relation to the value of "grain". "Grain" is an indivisible (of course inaccurate) unit of measurement of this parameter In our case, such a parameter is the MF itself, which is determined in the interval [0,1], the smallest unit of which determines the limiting grain size of the scale. The grain size is determined based on the "limits of distinction" of the grains for the expert

С1. We will use the term "evenly distributed blur", when under the conditions of the problem the whole set of admissible values of the blurred quantity is equivalent (all values in the interval can be acquired "equally") or when only the range of blurred values is known and there is no possibility to obtain more detailed information about this interval. Blurred MF in the case of "evenly distributed blur" can be specified: in the interval form,  A (x) [ AH (x), AB (x)] ; indicating absolute inaccuracy,  A (x) =  A0 (x)   A (x) , where  A0 (x) − the "most probable" value of the MF value x to subset A,  A (x) − "measurement accuracy"; indicating relative inaccuracy,  A (x) =  A0 (x)  A0 (x) ,   (0,1] .

С2. ”Multivalued (discrete, point) blur”, when the results of individual measurements of the blurred quantity are obtained in the form of point estimates and they do not coincide with each other.

С3. "Three-point blur", when the limits of change of the blurred value are known, as well as its most probable or most desirable value for the expert. This method of specifying the blurred value can be described, for example, by a triangular MF.

С4. "Unevenly distributed blur" when the blurred value of the MF is described by some function that is not necessarily triangular or trapezoidal. Using the concept of granularity, we can determine the "degree of accuracy" of expert assessment. We denote this measure by  ( 1 ), and the grain size – through  ( 2 ). Then, depending on the method of representation of the blurred MF, the value  ( 1 ) is determined by one of the formulas:  ( 1 ) = ( 2 ) /  AB (x) −  AB (x),  ( 1 ) = ( 2 ) /  A (x),  ( 1 ) =  ( 2 ) / ( 3 ) ( A ( x )) , де  ( 3 ),  ( 3 )  0,1,− measure of the expert's confidence in the assessment.

If the distribution of values within individual intervals is not uniform in determining the resulting intervals, this is also considered accordingly. Finally, the resulting intervals of MF are 1/ 2( AH (xi ) +  B (xi )), if  AB (xi ) −  AH (xi ) ~ ( 2 ),  A (xi ) =  A

 AH (xi ), AB (xi ), if  AB (xi ) −  AH (xi )  ( 2 ), i  I. determined by applying to them the defined criteria of "degree of inaccuracy" of the assessment, which are based on the proportionality of the defined interval with the "granularity" of the measurement scale. The resulting MF are defined as a point or interval, on the principle:

With the significant additional load on a system element to which functions of an absent element have been assigned, the quality of not only the performance of new functions but also the quality of functions it previously normatively executed is significantly reduced [27]. In such a model, additional heuristics should be utilized.

Heuristic E8: With significant additional load on a system element, the quality of its execution of additional tasks decreases significantly, for example, following a linear function, the parameters of which can be assigned separately for each decision-making situation.

Heuristic E9: The load on system elements should not exceed a specified limit, for instance, 2*T, where T represents a time constraint established by formula ( 2 ).

The application of heuristics E8-E9 results in determining new levels of task execution quality and the system's overall functioning quality. Additionally, changes occur in the resource requirements necessary for task execution in the new conditions when all the tasks of the absent system element are transferred to another element.

If it's known that a system element is temporarily absent, and an experienced decisionmaker understands that there's no urgent need for the execution of this element's functions, a decision can be made to temporarily suspend the execution of the respective functions.

Heuristic E10: If there's no responsible element for performing an autonomous function, the quality of executing the function gradually declines over time. The pattern of the decline in the quality of performing functions can be determined separately for each individual case.

Heuristic E11: If a function for which no executor is defined is not autonomous, meaning other functions depend on its execution, the formula for changing the quality of performing dependent functions is determined separately for each specific decision-making situation.

The decision to ignore functions temporarily left without an executor is highly responsible and requires continuous monitoring by the decision-maker or a controller appointed by them. During each monitoring iteration, an evaluation is made of the change in the organization's functioning quality in accordance with heuristics E10-E11. 10.

To confirm the effectiveness of the mathematical model based on heuristics E2-E5 as formulated in this work, a computational experiment was conducted. This experiment was grounded on a dataset provided by the company "Modern Trading Technologies" (Kyiv, Ukraine). It took into consideration the need to ensure the confidentiality of information and the preservation of commercial secrets regarding job titles of critical elements and the specification of the functionality of organizational system elements at all management levels. Based on the company's organizational chart, a table of subordination and functionality of critical elements of the organizational system was constructed. The results of the analysis of the organizational chart led to the construction of Table 2.

For the application of multi-attribute selection to the parameter values of critical elements presented in Table 2, these parameter values were transformed into dimensionless form. The results of these transformations are provided in Table 3. It's important to note that these values can be interpreted as the deviations of each parameter value from the optimal.

In the next stage of the computational experiment, expert opinions were used to introduce normalized weight coefficients for each of the parameters characterizing the controllability standards of critical elements. The results of the expert survey are summarized in Table 4.

A mathematical theoretical model of a complex poorly structured organizational or technical system functioning is proposed. Approaches to building a matrix of connections between its elements are considered. The model of nominal needs of the system in a regular situation is described, as well as the model of replacement of functions performed by some element of the system that has failed. Approaches to modelling the results of functional analysis are offered and the peculiarities of the hierarchical organizational system are given. The notion of granularity of a universal set is investigated. The model of definition of quality of performance of functions by elements of system is described which shows that decision-maker can choose one or more options for system management strategy to ensure its functional stability. 12.

The problem described in this work holds broad prospects for researching and modeling the information security of complex systems. Based on the approach described, new problem formulations can be developed, and new approaches to enhancing modeling adequacy can be determined. To account for the specifics of real systems more comprehensively, it is necessary to complexify the described mathematical model [28, 29]. This can include considering factors such as: • Determining the limits of resilience reduction in the system, assessing threats to its overall security. • Evaluating the acceptable level of reduction in the overall security of system elements and task performance. • Taking into account the presence or absence of connections between tasks: the impact of one task on the quality of performance of other tasks. • Solving optimization tasks for forecasting the quality of system operation, the cost of ensuring this quality, and calculating allowable time expenditures. • Restoring the acceptable level of system operation quality when multiple elements fail: determining the necessary conditions for operation. • Formulating the problem of determining the integral quality of system operation in a fuzzy setting. • Creating a model of the impact of recruitment performance on the overall system performance. • Compiling a registry of employee motivation models for units. • Solving the problem of forecasting personnel load at the current staffing level: generating options for task execution by elements. • Establishing the level of departmental operation reliability in the current personnel status – determining the "margin of strength." • Developing procedures for comparing the level of comprehensive security provision depending on the decision to personalize task execution. • Constructing a function for a priori linguistic variables with approximate names such as "critically acceptable level of comprehensive security," "system's risk operation," "sufficient level of comprehensive security," "high level of comprehensive security," and so on. 13.

The peculiarity of the system being modeled is that it has a hierarchical structure, and the functions performed by the system elements are not independent. In the general case, the following components have been considered when modeling the system: the level of control of the element, the subordination of the element to the highest element in the hierarchy, the sets of subordinate elements of the lower level, functional subordination, basic functions, the level of quality of functions, related functions, the level of quality of related functions; establishing hierarchical links between elements of the system and determining the levels of influence of one element on another or the absence of such influence; level of influence according to the register of positions with double and triple subordination; interaction between elements according to the register of functions at interaction between units: cross-functional business processes.

This work does not describe the architecture of the system: we note only that it has a hierarchical structure. These aspects require further research and will not be considered in this work. 14.

With the loss of functional stability of this system, the concept of quality management does not exist, and for the new structure will have its own quality of management. To ensure the reliable operation of the described model, the organizational system requires formal and documentary responsibility consolidation for the tasks performances by employees. Based on the developed model of a complex organizational system with critical infrastructure and the analysis, presented above, the following conclusions can be made: the model of the restoration problem of admissible quality level of system functioning at failure of several elements is considered: definition of necessary conditions of functioning; a priori assessment of the system reliability in safe mode is allowed; helps to increase the efficiency of communication between employees and departments; the delimitation of responsibility areas of managers and the definition of their powers; improved understanding of the functionality by employees and its formalization; the use of resources of the organizational system by eliminating duplication of functions is optimized; helps to improve coordination between departments; avoids uncertainties in the interaction between managers and departments. 15. [11] Umbreen F., Mubasher A., Nauman A., Rafiq M. (2015). Numerical modeling of susceptible latent breaking-out quarantine computer virus epidemic dynamic, Heliyon, 4, No. 5, e00631, 1-21, DOI: 10.1016/j.heliyon.20iS.e00631. [12] Hnatiienko H., Tmienova N., Kruglov A. (2021). Methods for Determining the Group Ranking of Alternatives for Incomplete Expert Rankings. In: Shkarlet S., Morozov A., Palagin A. (eds) Mathematical Modeling and Simulation of Systems (MODS'2020). MODS 2020. Advances in Intelligent Systems and Computing, vol 1265. Springer, Cham. https://doi.org/10.1007/978-3-030-58124-4_21. Pp. 217-226. [13] Hnatiienko H., Snytyuk V. (2019). A posteriori determination of expert competence under uncertainty / Selected Papers of the XIX International Scientific and Practical Conference "Information Technologies and Security" (ITS 2019), pp. 82–99. [14] Rea-Guaman, A., San Feliu, T., Calvo-Manzano, J., Sanchez-Garcia I. (2017). Comparative study of cybersecurity capability maturity models. In: Mas, A., Mesquida, A., O'Connor, R., Rout, T., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2017. Communications in Computer and Information Science, vol. 770, pp. 100–113.

Springer, Cham. https://doi.org/10.1007/978-3-319-67383-7_8. [15] Wendler, Roy. (2012). The maturity of maturity model research: A systematic mapping study." Information and software technology 54.12: 1317-1339. [16] Curtis, P., Mehravari, N., Stevens, J. (2015). Cybersecurity capability maturity model for information technology services (C2M2 for IT services), Carnegie-Mellon Univ, Pittsburgh, PA, US. https://apps.dtic.mil/sti/citations/AD1026943. [17] Voloshin, A.F., Gnatienko, G.N., Drobot, E.V. (2003). A Method of Indirect Determination of Intervals of Weight Coefficients of Parameters for Metricized Relations Between Objects.

Journal of Automation and Information Sciences, 35( 1-4 ). [18] Hnatiienko H. Choice Manipulation in Multicriteria Optimization Problems / Selected Papers of the XIX International Scientific and Practical Conference "Information Technologies and Security" (ITS 2019), pp. 234–245 (2019). [19] Babenko, T., Hnatiienko, H., Ignisca, V., Iavich, M. (2021). Modeling of critical nodes in complex poorly structured organizational systems // Proceedings of the 26th International Conference on Information Society and University Studies (IVUS 2021), Kaunas, Lithuania, April 23, 2021 / CEUR Workshop Proceedings, 2915, pp. 92–101. [20] Voloshyn O.F., Mashcenko S.O. Decision-making models and methods: teaching. manual for students higher education closing / Voloshyn O.F., Mashcenko S.O. – 3rd ed., revision. - K.: Lyudmila Publishing House, 2018. – 292 p. [21] Michel Balinski and Rida Laraki (2020). Majority Judgment vs. Majority Rule. Social Choice and Welfare 54, 429–461. [22] Bozóki Sándor & Tsyganok Vitaliy The (logarithmic) least squares optimality of the arithmetic (geometric) mean of weight vectors calculated from all spanning trees for incomplete additive (multiplicative) pairwise comparison matrices International Journal of General Systems. 2019. vol.48, No.4. P.362-381. [23] Babenko, T., Hnatiienko, H., Vialkova, V. (2020). Modeling of the integrated quality assessment system of the information security management system / CEUR Workshop Proceedings, Volume 2845, 2021, Pages 75-84 // 7th International Conference "Information Technology and Interactions", IT and I 2020; Kyiv; Ukraine; 2-3 December 2020; Code 168286. [24] Babenko, T., Hnatiienko, H., Vialkova, V. (2020). Modeling of information security system and automated assessment of the integrated quality of the impact of controls on the functional stability of the organizational system // Selected Papers of the XX International Scientific and Practical Conference "Information Technologies and Security" (ITS 2020), Kyiv, Ukraine, December 10, 2020 / CEUR Workshop Proceedings, 2859, pp. 188–198. [25] Information technology – Security techniques – Systems Security Engineering – Capability Maturity Model (SSE-CMM). ISO/IEC 21827:2008, (2008). https://www.iso.org/standard/44716.html. [26] Hnatiienko, H., Kiktev, N., Babenko, N., Desiatko, A., Myrutenko, L. (2021). Prioritizing Cybersecurity Measures with Decision Support Methods Using Incomplete Data. Selected Papers of the XXI International Scientific and Practical Conference "Information Technologies and Security" (ITS 2021), Kyiv, Ukraine, December 9, 2021. CEUR Workshop Proceedings, 3241, pp. 169–180. [27] Chadha, Anita (2019). Rank Choice Vote: An idea whose time has come. National Social

Science Journal, 52: 36–42. [28] Dodonov, D. Lande, V. Tsyganok, O. Andriichuk, S. Kadenko, A. Graivoronskaya (2019).

Information Operations Recognition. From Nonlinear Analysis to Decision-Making, Lambert Academic Publishing, 275 p. [29] Donovan, Todd, Caroline Tolbert, and Kellen Gracey (2019). SelfReported Understanding of Ranked-Choice Voting.” Social Science Quarterly, 100( 5 ): 1768–1776.