The relevance of the study is confirmed by the analysis of the state and prospects for the development of the main laws of cyber security in the world [1], which shows that threats to the survivability of information systems are growing and will continue to grow even more. The relevance of research is because today all organizations are involved in the process of digitization. And any information threats can turn into big losses for the organization.

The survivability of information systems is achieved both by timely changes in information technologies, in particular information protection technologies, and by changing the structure of the information system by new functional and security conditions. It is well known that the successful implementation of ERP systems (Enterprise Resource Planning—ERP) is possible only on condition of careful analysis and reasonable adjustment of the enterprise’s business processes, taking into account the limitations and capabilities of ERP systems [2]. This entails a deep transformation of the information systems themselves. But the most acute issue of transformation of information systems is caused by the need to ensure their viability. According to the provisions of systems theory, modern information systems are complex systems. Therefore, in complex issues of transformation, their behavior cannot always be clear and predictable. Therefore, it is advisable to use mathematical and simulation models to predict the behavior of information systems in the conditions of transformation [2, 3].

Accordingly, an urgent task is to create computer simulation models of the transformation of information systems to increase their survivability in the face of cyber threats.

0009-0008-9947-6653 (Y. Syvytsky); 0000-0002-9457-7454 (V. Shevchenko) © 2024 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). 2. Analysis of existing studies Survivability is understood as the possibility of realizing the goal of functioning in the event of adverse effects [4]. In the conditions of war and the conditions of the existing trends of cyber threats in the world [1] adverse influences take the form of malicious destructive influences. To ensure the survivability of information systems, it is necessary to solve a complex of tasks related to ensuring cyber security, information security, choosing safe structures of information systems, as well as choosing safe organizational structures that ensure the functioning of information systems. The last two questions lead to complex problems of transformation of structures [ 5 ].

Management issues of information and cybernetic security have a complex nature [ 6, 7 ] and lie not only in the technical plane. Many security issues are regulated by relevant regulatory documents, such as NIST standards [ 8 ]. Information security management is based on an objective assessment of the state of objects and threats. This requires the use of specific methods of obtaining numerical estimates of the level of information security, which, for example, for distributed wireless systems are considered in [ 9 ], and for communication systems under conditions of cyber-attacks are considered in [ 10 ]. Adequate use of classic methods of auditing information infrastructures [ 11 ] and assessment of relevant information security risks [ 12, 13 ] is important. Cybersecurity requires the creation and implementation of appropriate complex programs [ 14 ]. Ensuring the survivability of information systems by creating information security systems, which include cyber security systems, is based on a thorough numerical assessment of information security risks [ 15, 16 ].

The considered approaches to ensuring the survivability of information systems based on classical methods of information security management and auditing, unfortunately, do not pay enough attention to prognostic modeling of the development of complex systems in conditions of structural transformation.

The creation of models of dynamic processes, to which the processes of structural transformation should be attributed, are discussed in detail in [2, 3]. The given approaches make it possible to predict the consequences of management decisions made and to find optimal solutions for single-criteria and multi-criteria problems with vector criteria. Simulation modeling methods are based on specific computational methods [ 17 ]. One of the most vivid examples of simulation modeling of dynamic processes is the task of forecasting the dynamics of the development of computer epidemics, which includes the subtask of finding optimal parameters of the cyber security system, which would ensure the containment of the epidemic within the relatively safe limits of the “controlled process” [ 18 ]. To solve multi-criteria optimization problems, approaches based on scalar convolution of vector criteria are used [ 2, 3, 19 ]. Unfortunately, the considered approaches to modeling and finding optimal solutions in the presented works are general and do not take into account many features of the task of ensuring the survivability of information systems.

Paper [ 20 ], which considers the model of cyber protection in the information system of the situational center, and paper [ 21 ] regarding dynamic models of cyber security based on a numerical assessment of the guarantee capability of information systems of critical infrastructure objects are closer to the formulation of the task of this research. The study of the structure of dangers from cyberattacks on critical infrastructure is analyzed in [ 22 ]. Regulatory and legal provision of information security of critical infrastructure objects is considered in [ 23 ]. Approaches to cyber protection of critical infrastructure based on integrated systems at the national level are studied in [ 24 ]. The issue of protecting critical infrastructure objects from cyber-attacks by decentralizing telecommunication networks is discussed in [ 25 ].

The value of research on the protection of information systems of critical infrastructure facilities is that almost all critical infrastructure facilities use complex and functionally rich information systems to ensure their functioning. Information systems are becoming an integral part of critical infrastructure facilities. The regularities that will be revealed when modeling the development of information systems of critical infrastructure objects can be extended to other types of information systems of a similar level of complexity. However, in the reviewed publications, attention is not paid to the modeling of structural transformation processes.

One of the important criteria of structural transformation is the minimization of losses or the maximization of the useful effect. The specified values depend on the costs of information protection, which, according to world experience, should be within 10–20% of the costs of the organization’s information technologies [ 26 ]. The optimization of resource costs was studied in [ 27 ]. Methods of modeling the dynamics of changes in the efficiency of resource use in various organizational structures were studied in the paper [2]. Unfortunately, at the same time, abstract organizational structures were considered without taking into account the existing experience of forming specific organizational structures within the framework of project management approaches [ 28, 29 ]. In addition, the works [ 2, 26, 27 ] did not consider the conditions of structural transformation at all.

In [ 5 ], the task of forecasting the beneficial effect of the organization in the conditions of transformation of the organization structure is considered. It was determined that over time, any organizational structure needs to be transformed to increase competitiveness, adapt to new conditions, specifics of business tasks, a new set of dangers and challenges, etc.

The need to change the structure of the organization is usually caused by very serious reasons. In simpler cases, it is enough to change the technologies used by the organization. At the same time, it should be noted that the development of the beneficial effects of organizations and the development of the beneficial effects of technologies have very similar patterns: exponential, linear, and logistic. The disadvantage of the latter work is the modeling of the structural transformation of exclusively organizational structures. At the same time, approaches to the structural transformation of information systems were not considered. The main hypothesis in the further development of the work was an assumption regarding the similarity of patterns of structural transformations of organizational structures, technologies, and information systems.

During the analysis of existing research, a contradiction was revealed between the need for practice in methods of modeling and optimization of the processes of structural transformation of information systems and the lack of appropriate theoretical and applied approaches.

The purpose of the paper is to increase the effectiveness of the transformation of information structures by forecasting the consequences of management decisions and finding optimal solutions for the structural transformation of information systems by creating dynamic simulation models of the transformation of information systems. 3. Structural and logical models of information systems Information systems of organizations are complex large systems, which does not allow all management decisions regarding structural transformations to be checked in practice. Because it carries the risk of stopping the system and great losses for the organization. But from time to time information systems need structural transformations, in particular, to ensure the required level of their survivability. This happens because, at the first stages of creating information systems, the organization tries to put the information system into operation as soon as possible to receive functional support from it. Setting the task of creating an information system at the first stages may not take into account all the necessary factors. In addition, at the first stages of creating an information system, all the necessary factors may simply not yet manifest themselves and, accordingly, be simply unknown to the developers of the technical task. Further, as the information system is operated, the necessary experience is gained, problem areas are identified, old and new threats are identified, etc. All this may lead to the need to transform the structure of the information system. For example, a common approach is to tie the structure of the information system to the structure of the organization. And for a quick start, that's probably true. But, for example, when creating ERP systems based on the developments of market leaders in the development of ERP systems, the structure of the information system is tied to business processes, which will not necessarily reflect the organizational structure.

Thus, there is a need for periodic structural transformations of information systems. Secondly, checking management decisions regarding transformation in practice is an expensive and dangerous measure. Therefore, it is advisable to use simulation modeling to check the consequences of management decisions and to find optimal solutions for the structural transformation of information systems.

As an atomic (elementary) model of a structure node, we define a certain functional element, at the input of which input resources are received, and at the output, the useful effect is obtained (Fig. 1). The atomic model formalizes the transformation of input resources (equipment, materials, money, personnel, information, know-how, reputation, license, experience, time, etc.) into the output useful effect (safety, profit, production volume, reputation, experience, quality, efficiency, etc.). The output values of one atomic model can be input to another in such a way that a complex model will be formed that is adequate for a complex real object. For example, a structural-logical model of the useful effect of the organization (profit) can have the form of a two-level hierarchy (Fig. 2), consisting of atomic models of the useful effects of personnel, production equipment, and material supply. As another example of a multi-level hierarchical model, we present a model for assessing the security level of an information system depending on the security characteristics of its constituent elements of the information system structure (Fig. 3).

The difficulty of creating such models is that to achieve the required level of adequacy, the complexity of the hierarchical model must be increased both vertically and horizontally. The general procedure for creating models includes: 1. 2. 3.

Creating a set of atomic models and establishing a connection between them.

Analysis of the results of the current modeling on the primary model, comparison with the results of statistical and expert data on the real process.

Deciding to increase the adequacy of the model by complicating it, and adding new elements.

Hierarchical models of real objects often require additional relationships that are not embedded in the hierarchy structure. Fig. 4 shows examples of horizontal communication at one level of the hierarchy and diagonal communication between different levels of the hierarchy in different branches, like the well-known “thick tree” topology of telecommunication networks.

Such structures are called mixed. Research by the authors [ 5 ] showed that almost any mixed architecture without cyclic links can be transformed into a hierarchical one. At the same time, the primary mixed structure and the corresponding hierarchical structure will be identical from the point of view of simulation modeling (Fig. 5). But at the same time, the hierarchical structure will be more organized. Therefore, it will be easier to formalize and implement it in a simulation model.

input data. factors.

It is not possible to provide the model with quality Calculation errors are increasing.

Calculation errors regarding secondary factors become commensurate with the errors of the main The authors’ research showed [ 2, 5 ] that one of the most adequate models, which can equally successfully take into account purely technical and humanitarian factors, are logistic model. 4. Logistic development models In the same way as for Moore’s law, in the absence of restrictions on development, the dependence of the initial useful effect on input resources has the character of an exponent [2]. If the dependence of development is limited from below and above, then this indicates the presence of corresponding horizontal asymptotes, between which the dependence of development is located (the dependence of the useful effect on the spent resources). Such a dependence has an S-shaped character and is most often specified by the logistic function [2] (Fig. 6). = ( − )( − ), (1) − ) asymptotes. ( where is the useful effect, is time (input resource), are the lower and upper asymptotes, is the scaling factor that determines the growth rate and the angle of inclination of the curve at the point of symmetry.

The differential form

makes it possible to establish patterns regarding the growth rate at all values of input resources. The growth rate of the useful effect is proportional to the product of the distances of the value of the useful effect from the lower ( − ) and upper With constant coefficients , , , the given differential equation has analytical solutions = + aging of technologies and structures are known (at least considered a normalized logistic dependence increasing approximately), it is important to reasonably choose the 1 + ( 1 )( ) coefficient significantly simplifies the identification of the growth rate of the logistic curve at the point of symmetry. 5. Computer model of dynamics of structural transformation We will use logistic dependencies to build a general dynamic model of the transformation of the information system at the stages of growth of the useful effect of the and at the stages of the decline of the useful effect of the organization organization = + ( − ) ∙

( − ), = − ( − ) ∙

( − ).

In the second case, the amplitude of the logistic dependence has a negative value ( − ).

The integral form of logistic dependence has the form = ( ) = + where

( ) is the dependence of the growth of the useful effect for the primary structure of the information system.

( ) is the dependence of the drop in the useful effect for the primary structure of the information system due to changes in external conditions and the security situation.

( ) is the dependence of the drop in the useful effect for the primary structure of the information system as a result of the managerial decision to replace it with a more progressive one.

( ) is the dependence of the growth of the useful effect for the new structure of the information system.

Any input resource or a combination of them can be used as a logistic dependency argument. In our case, the input resource is time. The general picture of changes in the level of information security depending on time contains characteristic stages of growth, decline, re-growth after transformations, etc. Modeling of the life cycle of the level of information security of the information system was performed for the indicator tFall=10 weeks. The value of tFall is equal to the abscissa of the symmetry point of the dependence of the fall of the security level ( ), which occurs as a result of changes in external conditions and the security situation. Simplistically, it can be said that the value of tFall characterizes the time of moral aging of existing protection technologies and the existing structure of the information system. (4) (5) (6) (7) m e t s y S n o i t a m r o f n I e h t f o y liit b a v i v r u S time of the beginning of the transformation of the structure and protection technologies tReform (the abscissa of the point of symmetry of the dependence ( ) of the increase in the level of information security for new technologies and new structures of the information system).

Minimization of the information security level can be used as optimality criteria or an integral indicator of the level of information security for the period of work [ , ] in the conditions of transformation .

(8) (9)

In our case, the model was tested for the integral indicator. The mathematical model was implemented in the form of a simulation model in the MatLab algorithmic language. An example of simulation results is shown in Figs. 7–11. The value of tReform varied in the range from 25 to 1. Therefore, the integral criterion has a rather high level of Isum=17.495. The situation can be assessed as satisfactory.

Scenario 4 (Fig. 10). At tReform=5, the integral criterion also has a high level of Isum=19.3381. There is no noticeable gain in reducing the duration of low-security levels. The script can be characterized as a work on prejudice. But the question arises—whether transformations happen too often. Will such a frequency of transformation leave time for the planned operation of the information system?

Scenario 2 (Fig. 8). tReform=15. The integral quality criterion increased almost 4 times Isum=12.1844. The duration of a critically low level of system protection has also decreased several times. But in general, the level of security should not be considered satisfactory.

Scenario 5 (Fig. 11) (tReform=1, Isum=23.3319) has the best indicators of the integral quality criterion. However, the transformation begins almost simultaneously with the implementation of the previous technology and system structure. Doubts about the too-high frequency of transformations only increase here.

The paper proposes a computer model of the transformation of technologies and the information structure of the information system to ensure the survivability of the information system based on ensuring the required level of information security.

The model as part of the management decision support software system allows you to predict the consequences of various management decisions to choose the best one.

The paper uses the criterion of maximizing the lowest level of the organization’s useful effect over the entire forecasting period. The integral criterion of the total beneficial effect that the organization will receive in the event of the implementation of a specific transformation scenario is also used.

Directions for further research. To choose the best transformation scenario, it is necessary to add some additional criteria or check the optimality according to the selected integral criterion not at individual points, but at the entire set of permissible values of the tFall and tReform parameters.