<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta />
    <article-meta>
      <article-id pub-id-type="doi">10.11591/ijeecs.v32.i2.pp1022-1030</article-id>
      <title-group>
        <article-title>Assessing the level of security of enterprise information systems</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Viktoriia Hrechko</string-name>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Tetiana Babenko</string-name>
          <email>babenko.tetiana.v@gmail.com</email>
          <xref ref-type="aff" rid="aff1">1</xref>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Hryhorii Hnatiienko</string-name>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Larysa Myrutenko</string-name>
          <email>myrutenko.lara@gmail.com</email>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Andrii Bigdan</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Blekinge Tekniska Högskola</institution>
          ,
          <addr-line>371 79 Karlskrona</addr-line>
          ,
          <country country="SE">Sweden</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>International Information Technology University</institution>
          ,
          <addr-line>34/1 Manas St., Almaty, 050000</addr-line>
          ,
          <country country="KZ">Kazakhstan</country>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>Taras Shevchenko National University of Kyiv</institution>
          ,
          <addr-line>64/13 Volodymyrska Street, Kyiv, 01601</addr-line>
          ,
          <country country="UA">Ukraine</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2013</year>
      </pub-date>
      <volume>32</volume>
      <issue>2</issue>
      <fpage>3</fpage>
      <lpage>9</lpage>
      <abstract>
        <p>This study presents the development and implementation of an intelligent model for assessing the level of maturity of information security processes for enterprise management systems and justifies the universality for organizations of various types. The objective of the developed model is to comprehensively support information security specialists and auditors in assessing the levels of maturity of information security processes of management systems. The model was developed using a feedforward neural network based on the ISO 27000 / NIST 800 family of standards security controls. The model allows an accuracy of 96-99% to assess the level of maturity of information security processes in the enterprise. The methodology described in the document can be extended to enterprises with different functions and different forms of ownership. The possibility of assessing the level of security (implementation of controls) based on assessing the maturity of information security processes is investigated. The article evaluates and justifies the universality of the proposed solutions based on the maturity assessment of information security processes built based on 800 standards. The developed model can be used as part of a decision support system to help specialists identify the strengths and weaknesses of existing information security management processes, choose risk treatment approaches to ensure business continuity in a hostile cyber environment, improve the information security management system, which will affect the use of enterprise resources.</p>
      </abstract>
      <kwd-group>
        <kwd>information security</kwd>
        <kwd>security assessment</kwd>
        <kwd>maturity model</kwd>
        <kwd>neural network</kwd>
        <kwd>risk management</kwd>
        <kwd>decision support system</kwd>
        <kwd>information security management system</kwd>
        <kwd>countermeasures</kwd>
        <kwd>assessing the security of information systems</kwd>
        <kwd>network security</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        The activity of any enterprise is aimed primarily at meeting the needs of stakeholders. Main business
processes are focused on achieving this goal. Therefore, the management of the enterprise is
interested in keeping the processes within the organization under control and functioning as
intended, with the number of threats and errors kept to a minimum. Otherwise, successful threat execution
can lead to data leaks, damage, or unauthorized modification of information, which causes financial
and reputational losses. By threats, we mean a potential threat to information or a system [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ]. The
Various types of countermeasures have their own goals. Some of them are intended to restrict physical
access; they include password access systems, retina or fingerprint scans, and security guards [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ].
      </p>
      <p>Others are set up to block access and/or maintain data confidentiality across the organization's networks:
- firewalls;
- means of data encryption;
- antiviruses and spyware scanners.</p>
      <p>
        In addition, some countermeasures, such as backups, have been developed to quickly restore operation after a
successful intrusion. To improve the efficiency of operational and strategic
management of the development of information systems, a specialized analytical apparatus is needed
for making managerial decisions [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ]. A feature of the subject area of this problem is the complexity of
its formalization, the presence of uncertainties associated with the incompleteness of data, the
periodicity and seasonality of the processes under study, and the presence of a significant number of
interconnected, not only quantitative but also qualitative, indicators that characterize them [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. A
maturity model is a tool for assessing the effectiveness of implementing business processes in an
organization; it allows management to effectively track progress [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ] and determine their strengths
and weaknesses. Typically, an information security maturity model describes a set of characteristics
that include the following features [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]:
- effective leadership and management,
- information security risk management processes,
- the set of technologies used.
      </p>
      <p>Thus, to protect information resources, it is also necessary to develop information security
management systems (ISMS). Since the objects of management are rather complex organizational
and technical structures that operate under conditions of uncertainty, for the effective management
of such systems it is advisable to use decision support systems (DSS) based on intelligent
information technologies.</p>
      <p>The object of the study is the process of classifying the level of security maturity of information
systems using a model synthesized from a neural network trained with the backpropagation learning
method.</p>
      <p>The study aims to develop a model for classifying security process maturity levels and to present a
software tool for conducting the audit process.</p>
      <p>As part of this study, the following steps are to be carried out:
1. Accumulation of input data: a collection of elements that describe the characteristics of
the available security-related processes.
2. Obtaining and processing data to perform simulations.
3. Synthesis of a neural network.
4. Neural network training.
5. Assessment of the adequacy of the synthesized model.</p>
    </sec>
    <sec id="sec-2">
      <title>2. Literature review</title>
      <p>
        An overview of the maturity models of information security management processes, and of maturity
models in various other areas, is given in [
        <xref ref-type="bibr" rid="ref7">7</xref>
        ]. A review article by the Portuguese authors D. Proença and J. Borbinha [
        <xref ref-type="bibr" rid="ref8">8</xref>
        ] collected and
analyzed the current practice of maturity models.
      </p>
      <p>
        A study by Faith-Michael E. Uzoka [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ] shows that 77% of organizations (using the example of
Botswana) spend heavily on the development of their IT services, but some of them remain at a low
level according to the CMM. The staged CMM structure that was used in this study is based on the
principles of product quality supported by Shewhart and Deming (1939). Organizations find this model
costly and prefer to invest in other businesses. Despite not using the CMM, many organizations have
reached a high level of maturity. A significant 49.4% of organizations have reached maturity level 5,
and 7.4% are at maturity level 4. The results show that a total of 56.8% of organizations are at higher
maturity levels. Reasons for low maturity include [
        <xref ref-type="bibr" rid="ref9">9</xref>
        ]:
- low level of training and qualification of employees,
- poor working conditions and incentives for employees,
- poor documentation of software and architecture requirements and of the integration of software
components,
- low use of appropriate technology,
- low management culture, etc.
      </p>
      <p>An article by Chinese researchers Wei Han, Xiu-Yan Sun et al. [10] explores methods for using
data in the field of network security. The authors have classified semantic relationships between
network security resource classes, subclasses, and different data types. As a result, better network
data security was created due to a single standard for the transmission of an information resource,
and a data exchange platform was developed that applies the above metadata standards.</p>
      <p>A joint article by Chinese and American researchers Wangshu Li, Wenhao Yan, et al. [11]
considers the mathematical apparatus used to protect the information in information systems. In
particular, a discrete method for a continuous chaotic system is introduced and the Euler stability
principle for a discrete system is obtained. The authors have developed three methods for realizing
the synchronization of a discrete chaotic system.</p>
      <p>The ISO/IEC 27001 standard aims to create an information security management system in a
company [12]. For example, in the ISO 27001:2013 standard, there are requirements for the existence
of a risk analysis procedure in an organization. The question always arises: how to meet these
requirements, to what extent, and at what level of detail for companies of different sizes. Very often
information security managers pay attention to the size of the organization and rarely to the level of
its organizational and technological development.</p>
      <p>A maturity model based on an assessment of the level of maturity of the information security
processes of enterprises [13] will help to answer this question.</p>
      <p>
        The process of collecting data from different sources, and pre-processing for use in an analytical
model, is described in [
        <xref ref-type="bibr" rid="ref5">5,14,15</xref>
        ]. At the end of this process, a numerical dataset is obtained, which will
become the basis for training, testing, and evaluating the model. The data collection process for
assessing the maturity of an information system and a questionnaire prepared to take into account 11
areas of the ISO/IEC 27001 standard are given in the work of V. Hrechko, T. Babenko, and H.
Hnatiienko [16]. However, there are no open datasets for assessing the maturity of information
systems. The reason for this is the confidentiality and ethics of corporate data.
      </p>
    </sec>
    <sec id="sec-3">
      <title>3. Materials and methods</title>
      <sec id="sec-3-1">
        <title>3.1. The structure of the information security maturity assessment model for enterprise management systems</title>
        <p>The maturity model can be considered as a structured set of elements detailing the features of
effective ISMS processes; hence the number of nodes in the input layer is equal to the number of
ISO/IEC 27002:2013 controls, and the input for each node is the value calculated for the corresponding
security control [14].</p>
        <p>Thus, the input vector can be defined as in (1):</p>
        <p>$X^{T} = [\,x_1\ x_2\ \cdots\ x_n\,], \quad x_i \in I = \{0, \ldots, 5\},$ (1)
where $x_i$ denotes the score for the ith security control and n is the number of nodes in the
input layer.</p>
        <p>The output layer of the model consists of 6 nodes representing the level of maturity of information
security management processes, as described earlier [14]. The number of neurons in the hidden layer
is determined according to best practice as the arithmetic mean of the number of nodes in
the input and output layers, which is 60.</p>
      </sec>
      <sec id="sec-3-2">
        <title>3.2. Using maturity models in assessing the security level of information systems</title>
        <p>To determine the stage of organizational and technological development of an organization, the
concept of the maturity model was created [16]. There are many maturity models across different
fields, including cybersecurity. Global practice shows that such models are often developed by
government agencies for specified tasks and then achieve national or international standard status. The
Cybersecurity Capability Maturity Model enables organizations to evaluate the current level of
capability of their practices, processes, and methods and to prioritize actions and investments to
improve cybersecurity [17]. The basis of the Capability Maturity Model is a process-oriented
approach. One of the first models of this type was the Maturity Model designed by the Software
Engineering Institute (SEI) in the mid-1980s. An overview of information system maturity models,
including their origin, is given in [18].</p>
        <p>Information security capability maturity models are broadly classified by the following elements:
- Fields: how the general concepts of organizational processes are connected.
- Goals and measures: goals are the desired values of indicators that should be reached in
each of the model areas, and indicators help visualize progress toward achieving goals.
- Maturity levels: the result of assessing the implementation of goals and measuring
indicators in the areas of the organization.</p>
        <p>The value of maturity ranges from entry-level, when an organization may have just begun to
think about information security, to dynamic comparison, when an organization can quickly adapt to
changes in information security in terms of threats, vulnerabilities, risks, economic strategy, or
changing needs. As a result of a literature review on the topic, the most popular (based on the citation
index of publications on this topic according to the Scopus scientometric database) maturity models
were identified: SSE-CMM (System Security Maturity Model – Capability Maturity Model) [19,20],
C2M2 (Cybersecurity Capabilities Maturity Model) [17,20], CCSMM (Community Cyber Security
Maturity Model) [17,21], and NICE (National Initiative for Cyber Security Education – Capability
Maturity Model) [21]. A comparative analysis of maturity models in the field of information security
is given in Table 1.</p>
        <p>There are significant similarities between information security capability maturity models. The
main difference lies in the area they target and the level of best practices that should be applied. C2M2
is the only mature, cybersecurity-centric information security capability model that is updated and
focused on the entire organization. All information security capability maturity models are based on
information security risk management, but only SSE-CMM and C2M2 measure risk management in a
more specific way.</p>
        <p>
          Other information security capability maturity models include ISM3 [
          <xref ref-type="bibr" rid="ref5">5,22</xref>
          ] and COBIT [22,23]
(Table 2). ISM3 is a model that manages information security metrics which help an organization
maintain an acceptable level of risk, even when tailored to specific needs. The model focuses on
information security rather than cybersecurity. The last three versions of COBIT (since 2005) focus
on IT leadership and governance. Models that were not used or not mentioned in the reviewed studies
were likewise included.
        </p>
        <p>A new maturity model should be developed if no existing model can solve the identified problem.
The developed maturity model of the ISMS presented in Table 3 adopts the established structural
elements, scopes, and functions of the best practices found in ISO/IEC 27001. An iterative process (in
general, two iterations) was established for the development of the specified maturity model; the
design process of the model is shown below.</p>
        <p>In the first iteration, the characteristics and structure of the maturity model were determined. Five
levels of maturity were proposed: initial, managed, defined, quantitatively managed, and
optimized. The first iteration focused only on the planning phase of the ISO/IEC 27001 ISMS process.</p>
        <p>Table 3. Controls on which the proposed maturity model is based, by level:
Level 2, Implementing: drawing up a risk treatment plan; implementation of a risk treatment plan;
implementation of selected controls; defining measures of the implemented controls’ effectiveness;
implementation of training and awareness programs; management of ISMS operation; management of
ISMS resources; implementation of procedures and other controls to promptly identify security events
and respond to security incidents.
Level 3, Monitoring: monitoring and reviewing procedures and other controls; conduction of regular
reviews of ISMS effectiveness; measuring the effectiveness of controls; reviewing the risk assessment;
reviewing the residual risks; reviewing the identified acceptable risk levels; conduction of regular
internal audits; reviewing the ISMS; updating security plans; logging actions and events.
Level 4, Improving: implementation of defined improvements in the ISMS; taking appropriate remedial
and preventive actions; informing all interested parties about actions and improvements in the ISMS;
ensuring that improvements achieve their intended objectives.</p>
        <p>For each criterion of the maturity model, it was simulated how this criterion manifests itself at
different levels of maturity.</p>
        <p>In the second iteration, the definition of maturity levels was completely revised, proposing five
new levels of maturity: initial, planning, implementing, monitoring, and improving. These maturity
levels are based on the PDCA (Plan/Do/Check/Act) cycle used in ISO/IEC 27001. Table 3 describes the
controls on which the proposed maturity model is based. It makes it easier for users familiar with
ISO/IEC 27001 to understand this maturity model and trace the relationship between what is required
in each assessment criterion and the requirements specified in ISO/IEC 27001.</p>
        <p>Model tuning is usually superimposed on the model training phase. Some parameters determine
how the model performs at a high level (learning function or modality) and cannot be learned from
the input. These hyperparameters must be tuned manually, but sometimes they can be tuned
automatically by searching the model parameter space, i.e. hyperparameter optimization [24]. It is
often performed using classical optimization methods: grid search, random search, and Bayesian
optimization. The following hyperparameters were used to train the model: a learning rate of 0.3, a
weight update rate (momentum) of 0.2, and a training time of 50. The training data set consists of 10,800 maturity
assessment examples, generated as randomized responses to the existing questionnaire, with no human
participants. The learning rate is the step size at each iteration that determines how quickly the
model adapts to the problem. Momentum is the rate at which the weights are updated. The training
time is the number of epochs that need to be passed through the model [24].</p>
      </sec>
      <sec id="sec-3-3">
        <title>3.3. Development of a model for assessing the security of information systems</title>
      </sec>
      <sec id="sec-3-4">
        <title>3.3.1. Defining the base paradigm of the valuation model</title>
        <p>Methods and systems using artificial intelligence (AI) can lead to unexpected results and can be
modified to manipulate the expected results [25]. Therefore, the security of the AI itself is important.
In particular, it is important to:
- understand what needs to be protected (assets with specific AI threats),
- understand the relevant data management models (including the development, evaluation, and
protection of data and the learning process of AI systems),
- comprehensively manage threats across a multi-stakeholder ecosystem using common
models and taxonomies,
- develop special controls to ensure the security of the AI itself.</p>
        <p>
          For the correct formation of an intelligent system, it is important to follow a structural and
methodological approach to understanding its various aspects [14,16]. Machine learning (ML) is a
part of artificial intelligence. There are several learning models for ML algorithms: supervised,
unsupervised, reinforcement, and semi-supervised. The purpose of the reference model is to
provide a conceptual framework that facilitates the allocation of ownership across different assets
and provides a structured way to analyze relevant security threats. Data is one of the most valuable
assets of artificial intelligence [
          <xref ref-type="bibr" rid="ref5">5,26</xref>
          ]; therefore, before developing a model, it is important to fully
define the business context for using an AI system, collect data for analysis, and define controls
[27]. The semi-supervised method lies between supervised and unsupervised learning and,
according to the authors of [28–30], it allows achieving greater accuracy of the models.
        </p>
        <p>In addition to choosing a model, we need to choose a training strategy for its modification and
increase in efficiency. There are many training algorithms for error minimization, most of which are
based on gradient descent. The backpropagation method is an iterative method based on the
algorithm for updating multilayer perceptron weights by calculating stochastic gradient descent
[31,32] to minimize neural network error. When this method is iterated, the error signals are
distributed from the outputs to the inputs of the network. However, this method requires the use of a
differentiable transfer function. A cutting linear unit [33] or a rectified linear unit [34] (ReLU) is a
differentiable transfer (activation) function, which is mathematically defined as follows (2):
$f(x) = \max(0, x),$ (2)
where x is the input value of the neuron.</p>
        <p>In circuit terms, it is an analog of a half-wave rectifier. This activation function was
introduced for dynamical networks by Hahnloser and others in 2000 [35] with a biological basis and
mathematical justification. ReLU is often used in computer vision and speech recognition tasks.</p>
      </sec>
      <sec id="sec-3-5">
        <title>3.3.2. Data preconditioning for training</title>
        <p>The input data for our experiment was provided by one of the Ukrainian companies as part of a joint
research project with Taras Shevchenko National University of Kyiv. The data was generated by a
questionnaire based on the comparison of ISO 27000 standards and ISO 21827:2008 standards to
assess maturity for the specific purposes of this study.</p>
        <p>The international standard ISO/IEC 27002:2013 [36] provides recommendations for the
development and implementation of an ISMS by organizations in terms of selecting and managing
controls, taking into account existing risks. It contains a complete description and recommendations
for implementing an ISMS (compared to ISO/IEC 27001:2013). The standard contains 14 clauses
containing 35 main categories of information security and 114 controls, a list of which is presented in
Appendix A of the ISO/IEC 27001 standard [37]. The order of the sections does not reflect their
importance to a particular organization. The questionnaire was prepared to take into account all
domains and controls of the ISO/IEC 27002:2013 standard. An example of the structure of ISO/IEC
27002:2013 controls is shown in Figure 3. A sample questionnaire (questionnaire fragment) is shown
in Figure 4.</p>
        <p>An expert (auditor) evaluates each specific security measure (columns 1-2) on a 6-point scale (0..5).
Let $A_j$ be an attribute that represents the evaluation of the jth security control. The attribute takes
values in the range from 0 to 5. Mathematically, it can be defined as follows (3):</p>
        <p>$A_j \in I = \{0, \ldots, 5\},$ (3)
where $A_j$ is the maturity score of the jth security measure with thresholds: 0 is the lowest and 5 is
the highest maturity level. The number of attributes is equal to the number of corresponding security
controls from the ISO/IEC 27001:2013 standard (it may vary in the range of 0…700). The maturity
mapping rule is described in Table 4.
The questionnaire has been prepared to consider the following 11 areas of ISO/IEC 27001, namely:
1. Information security policy
2. Organization of information security
3. Asset management
4. Security of human resources
5. Physical and environmental security
6. Communications and Operations Management
7. Access control
8. Acquisition, development, and maintenance of the information system
9. Information security incident management
10. Business continuity management
11. Compliance</p>
        <p>The dataset consists of 10831 instances. The data instance consists of two parts, a set of security
control scores (Vector 1 .. Vector 5) and an associated class. A fragment of the data set of the
enterprise under study for assessing security is shown in Table 5. Vectors 1-5 represent assessments
of the levels of maturity of information security processes. The rows of the table represent specific
information security measures following the standard ISO 27002. The last column "Data status" can
take one of 6 values (Table 4).</p>
        <p>A new class attribute has been added to the final data set to indicate that the control set meets a
certain level of maturity.</p>
        <p>An example of input data is shown in Table 6. The columns of the matrix contain the assessments
of the auditors for each security control. The data fragment of the input parameters of the model
includes:
- Relations with suppliers (L1-L5)
- Management of information security incidents (M1-M2)
- Business continuity management (N1)
- Communication security (O1-O8)</p>
      </sec>
      <sec id="sec-3-6">
        <title>3.4. Training process</title>
        <p>For the training process of the neural network to assess the information security maturity of the
system, the application was developed using the WEKA (Waikato Knowledge Analysis Framework)
tool (Figure 5), and the requirements for the training parameters of the neural network to assess the
maturity of the information security of the system are in Table 7. To check the accuracy of the model,
the initial set was divided into smaller ones: 100 000, 250 000, 500 000, and 1 000 000 respectively.</p>
        <p>Table 7. Training parameters of the neural network (parameter: admissible values):
- Learning rate: 0 to 1, the default is 0.3.
- Momentum (weight update rate): 0 to 1, the default is 0.2.
- Percentage size of the validation set used to complete training: 0 to 100, the default is 0.
- A value used to seed the random number generator: ≥0 and less than the long maximum.
- Number of hidden layers: comma-separated list of natural numbers or the letters ’a’ = (attributes + classes) / 2,
’i’ = attributes, ’o’ = classes, ’t’ = attributes + classes; the default is ’a’.
- Required batch size for prediction: the default is 100.
- Training time (epochs): the default is 500 (50 was used due to data redundancy).</p>
        <p>A graphical representation of the frequency distribution of data instances in the set of training
materials is shown in Figure 6. The results are statistically processed, and the parameters are shown
in Table 8. Let us check whether the sample complies with the normal distribution law. As shown in Figure 6
(a), the incoming data sequence has the properties of a normal distribution. The histogram and the
normal distribution function built in the Excel package are shown in Figure 6: (b) shows the case for
N = 10910, (c) shows the case for N = 1049.</p>
      </sec>
      <sec id="sec-3-7">
        <title>3.5. Model implementation</title>
      </sec>
      <sec id="sec-3-8">
        <title>3.5.1. Synthesis of models</title>
        <p>For the above reasons, it was decided to build a maturity assessment model based on an ANN (artificial
neural network) with forward signal propagation and error backpropagation, in particular a
multilayer perceptron. A multilayer perceptron (MLP) is a type of organization of a neural network with
forward signal propagation [38]. The typical perceptron is a fully connected network, which
means that each node in one layer has a certain weight with respect to each node in the next layer.
Typically, it consists of an input layer, hidden layers, and an output layer, as shown in Figure 7.</p>
        <p>The model was synthesized based on an artificial neural network with forward propagation and
backpropagation, an MLP, which consists of three layers of nodes: an input layer, a hidden layer, and an
output layer. The initial weights are arbitrary. The input layer of the artificial neural network
consists of the control objectives implemented in the organization. It is represented by input
variables. The output of the artificial neural network is the final value of the maturity level, that is, a
verdict or a prediction given the input data. Hidden layers perform certain transformations on the
input data. A node in the hidden layer uses a weighted linear sum and, in particular, an activation
function. Thus, the network is built from the management objectives implemented in the
organization.</p>
        <p>Except for the input nodes, each node is a neuron with a non-linear activation function. The MLP
is trained with the supervised learning method called backpropagation. ReLU is used as the activation
function and determines the output of the network. A maturity model can also be defined as a
structured set of elements that describe the characteristics of efficient processes or products [28].
Thus, the information security maturity level (ISML) is calculated according to the formula:</p>
        <p>$$\mathrm{ISML} = \sum_{i=1}^{n} W(C_i)\,\mathrm{ISML}(C_i), \qquad (4)$$</p>
        <p>where $W(C_i)$ is the weight of the $i$-th control, $n$ is the number of controls, and
$\mathrm{ISML}(C_i)$ is defined according to the rule described in Table 2. Let the initial control
weights be defined as:</p>
        <p>$$\sum_{i=1}^{n} W(C_i) = 1. \qquad (5)$$</p>
        <p>(6)</p>
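        <p>The feedforward network with ReLU hidden units trained by error backpropagation that this section describes, as an added example: this is not the authors' WEKA model, but a minimal one-hidden-layer MLP with a softmax output, written from scratch so that the forward pass and the backward pass are both visible. The dataset is constructed for illustration (six binary control flags, with the class being a hypothetical level derived from how many controls are implemented; it stands in for the Table 2 rule, which is not reproduced). Layer sizes, the learning rate, the number of epochs and all names are assumptions.</p>

```python
import math
import random

# Constructed questionnaire dataset (not the paper's data): six binary answers,
# one per control (1 = implemented), for every possible combination of answers.
# The class is a hypothetical maturity level derived from the number of
# implemented controls (0-1 -> level 0, 2-4 -> level 1, 5-6 -> level 2); it is
# a stand-in for the Table 2 rule, which is not reproduced here.
N_INPUTS, N_HIDDEN, N_CLASSES = 6, 8, 3


def make_dataset():
    data = []
    for code in range(2 ** N_INPUTS):
        x = [float((code >> i) & 1) for i in range(N_INPUTS)]
        implemented = int(sum(x))
        level = 0 if implemented <= 1 else (1 if implemented <= 4 else 2)
        data.append((x, level))
    return data


def relu(z):
    return z if z > 0.0 else 0.0


def softmax(logits):
    m = max(logits)                       # shift for numerical stability
    exps = [math.exp(v - m) for v in logits]
    total = sum(exps)
    return [e / total for e in exps]


class MLP:
    """Feedforward network with one ReLU hidden layer and a softmax output,
    trained by error backpropagation (per-sample gradient descent)."""

    def __init__(self, seed=1):
        rng = random.Random(seed)         # arbitrary initial weights, reproducible
        self.w1 = [[rng.uniform(-0.5, 0.5) for _ in range(N_INPUTS)] for _ in range(N_HIDDEN)]
        # small positive hidden biases keep every unit active for the all-zero answer vector
        self.b1 = [rng.uniform(0.05, 0.2) for _ in range(N_HIDDEN)]
        self.w2 = [[rng.uniform(-0.5, 0.5) for _ in range(N_HIDDEN)] for _ in range(N_CLASSES)]
        self.b2 = [0.0] * N_CLASSES

    def forward(self, x):
        z1 = [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(self.w1, self.b1)]
        h = [relu(z) for z in z1]
        logits = [sum(w * hi for w, hi in zip(row, h)) + b for row, b in zip(self.w2, self.b2)]
        return z1, h, softmax(logits)

    def predict(self, x):
        probs = self.forward(x)[2]
        return max(range(N_CLASSES), key=probs.__getitem__)

    def mean_loss(self, data):
        # cross-entropy averaged over the dataset
        return -sum(math.log(self.forward(x)[2][y]) for x, y in data) / len(data)

    def train_step(self, x, y, lr):
        z1, h, probs = self.forward(x)
        # softmax + cross-entropy: dL/dlogit_k = p_k - [k == y]
        d_logits = [probs[k] - (1.0 if k == y else 0.0) for k in range(N_CLASSES)]
        # propagate the error back through the output weights and the ReLU derivative
        d_h = [sum(d_logits[k] * self.w2[k][j] for k in range(N_CLASSES)) for j in range(N_HIDDEN)]
        d_z1 = [d_h[j] if z1[j] > 0.0 else 0.0 for j in range(N_HIDDEN)]
        for k in range(N_CLASSES):
            for j in range(N_HIDDEN):
                self.w2[k][j] -= lr * d_logits[k] * h[j]
            self.b2[k] -= lr * d_logits[k]
        for j in range(N_HIDDEN):
            for i in range(N_INPUTS):
                self.w1[j][i] -= lr * d_z1[j] * x[i]
            self.b1[j] -= lr * d_z1[j]


def train(epochs=500, lr=0.05, seed=1):
    """Train on the constructed dataset; returns the network, the mean loss
    before and after training, and the training-set accuracy."""
    data = make_dataset()
    net = MLP(seed)
    rng = random.Random(seed)
    loss_before = net.mean_loss(data)
    for _ in range(epochs):
        rng.shuffle(data)
        for x, y in data:
            net.train_step(x, y, lr)
    loss_after = net.mean_loss(data)
    accuracy = sum(net.predict(x) == y for x, y in data) / len(data)
    return net, loss_before, loss_after, accuracy


if __name__ == "__main__":
    net, before, after, acc = train()
    print(f"loss {before:.3f} -> {after:.3f}, training accuracy {acc:.3f}")
```

        <p>Note that the constructed dataset is heavily imbalanced (the middle level holds 50 of the 64 vectors), which is exactly the situation the discussion section later attributes the paper's own misclassifications to; the training accuracy alone therefore says little, and the per-class confusion matrix of Section 4.4 is the better check.</p>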
        <p>The MLP algorithm is implemented in the open-source software WEKA [39], released under the
GNU General Public License. WEKA was developed at the University of Waikato (New Zealand) for
research purposes. It provides a set of machine learning tools and algorithms for data mining tasks:
data preprocessing, classification, regression, clustering, association rule mining, visualization, and
implementations of several machine learning algorithms. WEKA is a free Java class library and
contains an API (application programming interface) through which the existing learning algorithms
can be used with minimal configuration. The functions of the model generator are therefore present
in the code fragments shown in Figure 8.</p>
        <p>This software supports import of ARFF (Attribute-Relation File Format) data, an ASCII text file
that describes a data model using attributes and data instances. An ARFF file is laid out in the
following order: relation name, attribute list, and data instances, one per line [39]. The program
produces a file with the .model extension. The average model generation time for this data set is
400 seconds. This file will be used to classify new data. The interface of the Weka system, which
demonstrates the process of training a neural network with a dataset of 1049 records, is shown in
Figure 9. The ReLU activation function is used to determine the output of the network.</p>
      </sec>
      <sec>
        <title>3.5.2. Summary</title>
        <p>Several studies [17,20–23,40–46] can be used to determine compliance with ISO/IEC 27001:2013.
However, none of the existing maturity models satisfies the requirements of ISO/IEC 27001.
Accordingly, since existing models fail to solve the problem, a new maturity model should be
developed. First, the basic paradigm of the maturity model was developed, as a result of which the
apparatus of feedforward neural networks with error backpropagation was chosen for model
synthesis. In addition, a list of requirements for each maturity level was prepared following the
requirements of the ISO/IEC 27001 and ISO/IEC 27002 standards. For further training and solving
the classification problem, a supervised learning algorithm, error backpropagation to correct the
internal parameters of the model, and the ReLU activation function were chosen. The next step was
the development of an algorithm for preliminary data preparation for training, and the data
preparation itself. To do this, a questionnaire was generated taking into account all domains and
ISO/IEC 27002:2013 controls, and data was also generated.</p>
        <p>The last step was the synthesis and training of the model using the apparatus of neural networks.
In addition to the previously mentioned, the model has the following configuration (Table 9).</p>
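        <p>The ARFF layout described in Section 3.5.1 (relation name, attribute list, then one data instance per line), as an added example that is not WEKA's own code: a small writer and reader for a questionnaire dataset. It covers only the subset of ARFF used here (numeric and nominal attributes, "%" comment lines, and "?" for a missing answer) and assumes attribute names without spaces. The three ISO/IEC 27002 control identifiers used as attribute names and the rows are a constructed sample.</p>

```python
# Constructed sample: three ISO/IEC 27002 control identifiers used as attribute
# names (chosen for illustration) plus the maturity-level class attribute.
ATTRIBUTES = [
    ("A.5.1.1", ["0", "1"]),      # 1 = control implemented, 0 = not implemented
    ("A.6.1.1", ["0", "1"]),
    ("A.8.1.1", ["0", "1"]),
    ("maturity", ["0", "1", "2", "3", "4", "5"]),
]
ROWS = [
    ["1", "1", "1", "2"],
    ["1", "0", "0", "0"],
    ["1", "?", "0", "0"],         # "?" = answer missing from the questionnaire
]


def to_arff(relation, attributes, rows):
    """Serialize rows to ARFF text. `attributes` is a list of (name, spec) pairs
    where spec is the string "numeric" or a list of allowed nominal values."""
    lines = ["% constructed ISMS questionnaire sample", f"@relation {relation}", ""]
    for name, spec in attributes:
        if spec == "numeric":
            lines.append(f"@attribute {name} numeric")
        else:
            lines.append(f"@attribute {name} {{{','.join(spec)}}}")
    lines += ["", "@data"]
    for row in rows:
        if len(row) != len(attributes):
            raise ValueError(f"row {row!r} has {len(row)} values, expected {len(attributes)}")
        lines.append(",".join(str(v) for v in row))
    return "\n".join(lines) + "\n"


def parse_arff(text):
    """Parse ARFF text into (relation, attributes, rows). Nominal values are
    validated against the declared set, numeric values become floats and "?"
    becomes None. Raises ValueError on malformed input instead of silently
    accepting an undeclared class value."""
    relation, attributes, rows, in_data = None, [], [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("%"):
            continue                                   # blank line or comment
        lowered = line.lower()
        if in_data:
            values = [v.strip() for v in line.split(",")]
            if len(values) != len(attributes):
                raise ValueError(f"line {lineno}: expected {len(attributes)} values, got {len(values)}")
            row = []
            for (name, spec), value in zip(attributes, values):
                if value == "?":
                    row.append(None)
                elif spec == "numeric":
                    row.append(float(value))
                elif value in spec:
                    row.append(value)
                else:
                    raise ValueError(f"line {lineno}: {value!r} is not a declared value of {name}")
            rows.append(row)
        elif lowered.startswith("@relation"):
            parts = line.split(None, 1)
            if len(parts) != 2:
                raise ValueError(f"line {lineno}: @relation without a name")
            relation = parts[1]
        elif lowered.startswith("@attribute"):
            parts = line.split(None, 2)
            if len(parts) != 3:
                raise ValueError(f"line {lineno}: malformed @attribute line")
            _, name, spec = parts
            if spec.startswith("{") and spec.endswith("}"):
                attributes.append((name, [v.strip() for v in spec[1:-1].split(",")]))
            elif spec.lower() in ("numeric", "real", "integer"):
                attributes.append((name, "numeric"))
            else:
                raise ValueError(f"line {lineno}: unsupported attribute type {spec!r}")
        elif lowered.startswith("@data"):
            if relation is None or not attributes:
                raise ValueError(f"line {lineno}: @data before the @relation/@attribute header")
            in_data = True
        else:
            raise ValueError(f"line {lineno}: unexpected header line {line!r}")
    return relation, attributes, rows


def roundtrip():
    """Write the constructed sample and read it back."""
    return parse_arff(to_arff("isms_maturity", ATTRIBUTES, ROWS))
```

        <p>The reader rejects a data value that is not in the declared nominal set, which is the error most likely to creep into a hand-built questionnaire export; WEKA would likewise refuse to load such a file, but catching it in the preparation step gives a line number.</p>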
      </sec>
    </sec>
    <sec id="sec-4">
      <title>4. Results</title>
      <sec id="sec-4-1">
        <title>4.1. Validating the adequacy of the model</title>
        <p>The adequacy analysis made it possible to check the degree of correspondence of the model to a real
system with a given set of properties [47] and was carried out in several stages:
1. Evaluation of control coverage using the ontological deficits of Wand and Weber [48].
2. Evaluation of the coverage of the controls and requirements of ISO/IEC 27001 by the ISMS
maturity model, using the methodology applied when comparing other models.</p>
      </sec>
      <sec id="sec-4-2">
        <title>4.2. Model adequacy analysis by Wand and Weber method</title>
        <p>Wand and Weber's ontological evaluation method identifies four ontological flaws:
incompleteness, redundancy, excess, and overload. An ontological assessment of how the proposed
ISMS maturity model covers the ISO/IEC 27001 requirements is presented in Table 10. Based on
the results of the analysis, the model is complete, as it fully covers the ISO/IEC 27001 controls. There
is no redundancy. However, the ISO/IEC 27001 requirement "4.2.3-d)" has been overloaded because
we believe it describes the requirements for three different activities. As a result, three different
evaluation criteria were created for this requirement. Finally, the ISMS maturity model covers all the
requirements detailed in clause 4 of ISO/IEC 27001, which means that the total score on the same
scale is 20.</p>
      </sec>
      <sec id="sec-4-3">
        <title>4.3. Model testing on 5 real organizations</title>
        <p>After the first two stages of evaluation, we evaluated five real organizations (Table 11). For each of
these five organizations, an ISMS maturity assessment was carried out and the result is shown in</p>
        <p>The left part of the table contains the codes of the control actions that implement the security
measure (see Table 3). Table 12 shows that all security measures are implemented only in Organization
1 (state administrative institution). The majority of measures (25 out of 30) were implemented in
Organization 4 (research institute), while the measures of Group 5 (Improving) were not
implemented at all. The smallest number of measures (14 out of 30) is implemented in Organization 3
(higher education institution), probably because of the large number of participants and premises
involved in the process and the weak manageability of the enterprise.</p>
        <p>It can also be noted that the activities of Group 2 (Planning) are implemented at all 5 enterprises,
while the activities of Group 5 (Improving) are fully implemented at Enterprise 1 (governmental
institution) and partially at Enterprise 5 (software developer).</p>
        <p>To achieve a certain level of maturity, an organization must meet all the criteria for that particular
level and for all levels below it [14]; for example, an organization at maturity level 3 meets all the
criteria for maturity levels 1, 2, and 3.</p>
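        <p>The weighted ISML score of equation (4) under the weight constraint of equation (5) in Section 3.5.1, together with the staged rule just stated (a level counts only when every criterion of that level and of all lower levels is met), as an added example that is not the authors' code. The per-control values ISML(C_i), the weights and the criteria lists are constructed inputs; the paper's Table 2 rule that produces ISML(C_i) is not reproduced, so those values are given directly.</p>

```python
WEIGHT_TOLERANCE = 1e-9


def check_weights(weights):
    """Enforce equation (5): non-negative control weights that sum to 1."""
    if any(w < 0 for w in weights.values()):
        raise ValueError("control weights must be non-negative")
    total = sum(weights.values())
    if abs(total - 1.0) > WEIGHT_TOLERANCE:
        raise ValueError(f"control weights sum to {total}, expected 1")


def equal_weights(controls):
    """Initial weights when nothing distinguishes the controls: W(C_i) = 1/n."""
    n = len(controls)
    return {c: 1.0 / n for c in controls}


def isml_score(weights, control_levels):
    """Equation (4): ISML = sum_i W(C_i) * ISML(C_i), with W checked against (5)."""
    check_weights(weights)
    if set(weights) != set(control_levels):
        raise ValueError("weights and control levels must cover the same controls")
    return sum(weights[c] * control_levels[c] for c in weights)


def staged_level(criteria_met):
    """criteria_met maps a level number (1..L) to a non-empty list of booleans,
    one per criterion of that level. The organization is at the highest level L
    such that every criterion of levels 1..L is met; one unmet criterion at a
    lower level caps the result there, however much of the higher levels is
    satisfied."""
    reached = 0
    for level in sorted(criteria_met):
        if level != reached + 1:
            raise ValueError("levels must be numbered contiguously from 1")
        criteria = criteria_met[level]
        if criteria and all(criteria):
            reached = level
        else:
            break
    return reached


def gaps_blocking_next_level(criteria_met):
    """The level that stops the organization moving up and the indices of its
    unmet criteria; (None, []) when every level is fully met."""
    for level in sorted(criteria_met):
        unmet = [i for i, ok in enumerate(criteria_met[level]) if not ok]
        if unmet:
            return level, unmet
    return None, []


# Constructed organization: three weighted controls and criteria for three levels.
# Level 3 is fully met, but one level-2 criterion is not, so the staged level is 1.
SAMPLE_WEIGHTS = {"C1": 0.5, "C2": 0.3, "C3": 0.2}
SAMPLE_CONTROL_LEVELS = {"C1": 3, "C2": 2, "C3": 4}
SAMPLE_CRITERIA = {1: [True, True], 2: [True, False], 3: [True, True]}
```

        <p>The two numbers answer different questions: the weighted score is a continuous summary that can mask a single missing lower-level criterion, while the staged level exposes it, which is why the gap report is computed from the staged rule rather than from the score.</p>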
      </sec>
      <sec id="sec-4-4">
        <title>4.4. Validating model accuracy using statistical methods</title>
      </sec>
      <sec id="sec-4-5">
        <title>4.4.1. Basic concepts for assessing the accuracy of the constructed model</title>
        <p>Accuracy (significance) is a statistical metric showing the percentage of positive results classified
correctly. A low accuracy value is usually associated with a large number of false positive
classifications [49]. In addition, the following statistical metrics are used to evaluate models: recall
(sensitivity); the F-measure (which takes values from 0 to 1); the Matthews correlation coefficient
(MCC), or Phi coefficient, used in machine learning as an indicator of the quality of binary
classifications; the receiver operating characteristic (ROC) curve; the precision-recall curve (PRC);
and the kappa statistic (which describes the accuracy of the classifier) [49].</p>
      </sec>
      <sec id="sec-4-6">
        <title>4.4.2. Model accuracy test results using statistical methods</title>
        <p>To test the accuracy of the model, the original set was divided into smaller parts: 70% for training,
15% for the validation (control) set, and 15% for the test set. First, cross-validation was performed to
determine performance statistics for the model. The model was then trained again on 100% of the
data set to obtain the most accurate and robust classification model. A generalized error matrix is
shown in Table 13.</p>
        <p>The confusion (inconsistency) matrix (Table 14) is used to evaluate the performance of the
classification model [49]. It provides information on classification errors, which can also be used to
identify a possible trend in the existing errors. The accuracy of the estimate is given in Table 15.</p>
        <p>So, the trained model successfully classified 99.649% of the dataset, the reliability of the classifier is
0.9949, which can be interpreted as almost perfect agreement, and the root mean square relative
error is 9.748%. Other model results include: true positive rate 0.996, false positive rate 0.001,
accuracy 0.996, completeness 0.996, F-measure 0.996, Matthews correlation coefficient 0.962–1,
ROC area 0.998, PRC area 0.995.</p>
        <p>[Residue of Tables 13–14: only the first row of the confusion matrix is recoverable, "Level 0: 208, 6, 0, 0, 0, 0"; the remaining rows are not present in the extracted text.]</p>
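        <p>The metrics listed in Sections 4.4.1 and 4.4.2 (true/false positive rate, precision, recall, F-measure, MCC, overall accuracy and the kappa statistic), computed from a confusion matrix, as an added example that is not the authors' code or WEKA output. The matrix is a constructed three-level sample, not Table 13 or 14; the one-vs-rest treatment of each class and the support-weighted average are assumptions stated in the comments.</p>

```python
import math

# Constructed confusion matrix (not Table 13/14 of the paper): rows are the
# actual maturity level, columns the predicted level, for three levels.
SAMPLE_CM = [
    [50, 2, 0],
    [3, 40, 1],
    [0, 1, 20],
]


def _div(a, b):
    """Division that returns 0.0 when the denominator is 0 (a class never
    predicted or never present), the usual reporting convention."""
    return a / b if b else 0.0


def class_counts(cm, k):
    """One-vs-rest counts for class k: (TP, FP, FN, TN)."""
    n = sum(sum(row) for row in cm)
    tp = cm[k][k]
    fp = sum(cm[r][k] for r in range(len(cm))) - tp   # predicted k, actually another class
    fn = sum(cm[k]) - tp                               # actually k, predicted another class
    tn = n - tp - fp - fn
    return tp, fp, fn, tn


def class_metrics(cm, k):
    """Per-class metrics named in the text: TP rate (recall), FP rate,
    precision, F-measure and the Matthews correlation coefficient."""
    tp, fp, fn, tn = class_counts(cm, k)
    precision = _div(tp, tp + fp)
    recall = _div(tp, tp + fn)
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    return {
        "tp_rate": recall,
        "fp_rate": _div(fp, fp + tn),
        "precision": precision,
        "recall": recall,
        "f_measure": _div(2 * tp, 2 * tp + fp + fn),
        "mcc": _div(tp * tn - fp * fn, denom),
    }


def accuracy(cm):
    """Fraction of correctly classified instances (the 99.649% figure in the text)."""
    n = sum(sum(row) for row in cm)
    return _div(sum(cm[k][k] for k in range(len(cm))), n)


def kappa(cm):
    """Cohen's kappa: agreement beyond what the class frequencies alone would give."""
    n = sum(sum(row) for row in cm)
    p_observed = accuracy(cm)
    p_expected = sum(sum(cm[k]) * sum(cm[r][k] for r in range(len(cm)))
                     for k in range(len(cm))) / (n * n)
    return _div(p_observed - p_expected, 1.0 - p_expected)


def weighted_average(cm):
    """Per-class metrics averaged with the class sizes as weights (assumed here
    to match the summary row reported for multi-class problems)."""
    n = sum(sum(row) for row in cm)
    per_class = [class_metrics(cm, k) for k in range(len(cm))]
    return {name: sum(m[name] * sum(cm[k]) for k, m in enumerate(per_class)) / n
            for name in per_class[0]}


def misclassification_pairs(cm):
    """Off-diagonal cells as (count, actual, predicted), largest first, to show
    the trend in the errors: which levels are confused with which."""
    pairs = [(cm[r][c], r, c) for r in range(len(cm)) for c in range(len(cm))
             if r != c and cm[r][c]]
    return sorted(pairs, reverse=True)
```

        <p>On the constructed matrix the weighted recall equals the overall accuracy (it always does, since each class's recall is weighted by its size), which is why accuracy alone cannot reveal the imbalance problem; the per-class recall of the small classes and the sorted misclassification pairs are what show where a model such as the one in Table 14 goes wrong.</p>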
      </sec>
    </sec>
    <sec id="sec-5">
      <title>Discussion and perspectives</title>
      <p>We assessed the performance of each of the evaluation controls, which in turn allowed us to
determine the ISMS maturity level for each of the five organizations. The results of the assessment
in Table 12 showed that the maturity model correctly identified the level of maturity, and they are
consistent with the perception of the maturity of the ISMS implemented in each organization. The
results were used by the organizations to create improvement plans tailored to their organizational
context. The confusion matrix in Table 14 shows that there are misclassifications for the first three
classes, which may be caused by an insufficiently balanced dataset. This means that the dataset should
be adjusted to achieve better results in future studies. The values given in Table 15 indicate that the
trained model describes the real manual process of assessing the maturity of information security at
an acceptable level, and it can be recommended for use in a real ISMS audit.</p>
      <p>Thus, a maturity model of ISMS processes has been developed under the requirements and
recommendations of ISO/IEC 27001:2013 and ISO/IEC 27002:2013 using the apparatus of feedforward
neural networks with error backpropagation. The practical significance of the work lies in the fact
that the results can be applied in the activities of a particular institution to improve its system for
assessing the security of information systems. The proposed method makes it possible to automate the
tasks assigned to an expert: assessing the compliance of information systems with security
requirements and making a decision on their use.</p>
      <p>Moreover, this approach will be very useful when using other security frameworks, such as NIST
(National Institute of Standards and Technology) SP (Special Publication) 800 series and, in
particular, NIST SP 800-53 [50]. There are many requirements and a rich set of controls to consider.
Therefore, the application of the developed model can significantly reduce the time spent by experts.
For a deeper analysis of the usefulness of the maturity model and its improvement, it is proposed to
evaluate the use of the ISMS maturity model in various industries. This will lead to a more general
and objective validation of the model and will allow for cross-industry benchmarking.</p>
    </sec>
    <sec id="sec-6">
      <title>Conclusions</title>
      <p>None of the existing maturity models satisfactorily takes into account the requirements of ISO/IEC
27001 [37]. Accordingly, it was decided to develop a new maturity model using feedforward neural
networks with error backpropagation. The list of requirements for each maturity level has been
prepared following the requirements of ISO/IEC 27001 and ISO/IEC 27002.</p>
      <p>For further training and solving the classification problem, a supervised learning algorithm, error
backpropagation to correct the internal parameters of the model, and the ReLU activation function
were chosen. The effectiveness of this model, which uses artificial neural networks to solve the
problem, is substantiated. The ISMS maturity model was assessed by a multi-aspect method and by
statistical means. The proposed model is found to be complete, as it fully covers the ISO/IEC 27001
controls. There is no redundancy or excess. The trained model describes the real non-automated
process of assessing the maturity of information systems security at an acceptable level and can be
recommended for use in a real ISMS audit.</p>
      <p>The model developed from this study can be used as part of a decision support system to enable
cybersecurity decision-makers to:
1. Make informed decisions, choosing the best option to mitigate certain vulnerabilities/threats
and maintain business continuity.
2. Analyze the strengths and weaknesses of the ISMS processes.
3. Develop a strategy for the evolutionary improvement of the capabilities, efficiency, and
effectiveness of the ISMS [16,26].</p>
      <p>As a result, it will also help to reduce the time and financial resources for assessing the security of
enterprises.</p>
    </sec>
    <sec id="sec-7">
      <title>Declaration on Generative AI</title>
      <p>The authors have not employed any Generative AI tools.</p>
    </sec>
    <sec>
      <title>References</title>
      <p>[10] Han, W.; Sun, X.Y.; He, C.; Tang, L.L.; Kumari, S. A Novel Network Security Data Resource Description Standard, 2022.</p>
      <p>[11] Li, W.; Yan, W.; Ding, Q.; Zhang, R.; Chen, Y.C. Discrete Synchronization Method for Continuous Chaotic Systems and Its Application in Secure Communication, 2020.</p>
      <p>[12] Hrechko, V.; Babenko, T. Defining the meaningful attributes of network traffic, 2017. https://doi.org/10.1109/WorldS451998.2021.9514019.</p>
      <p>[13] Borisov, I. Overview of the level of maturity of information security processes: about trends and methodologies, 2018.</p>
      <p>[14] Babenko, T.; Hnatiienko, H.; Bigdan, A. Model for determining the protection level of a complex system, 2022.</p>
      <p>[15] Jebb, A.; Parrigon, S.; Woo, S. Exploratory data analysis as a foundation of inductive research, 2017. https://doi.org/10.1016/j.hrmr.2016.08.003.</p>
      <p>[16] Hrechko, V.; Hnatienko, H.; Babenko, T. An intelligent model to assess information systems security level, 2021. https://doi.org/10.1109/WorldS451998.2021.9514019.</p>
      <p>[17] Department of Energy. Cybersecurity Capability Maturity Model (C2M2), Version 1.1, 2014.</p>
      <p>[18] Garba, A.; Siraj, M.; Othman, S. An Explanatory Review on Cybersecurity Capability Maturity Models, 2020.</p>
      <p>[19] Dubois, E.; Heymans, P.; Mayer, N.; Matulevicius, R. A Systematic Approach to Define the Domain of Information System Security Risk Management, 2010. https://doi.org/10.1007/978-3-642-12544-7_16.</p>
      <p>[20] SSE-CMM Project Team. System Security Engineering Capability Maturity Model (SSE-CMM): Model Description Document, Version 3.0, 2003.</p>
      <p>[21] White, G. The community cyber security maturity model, 2011. https://doi.org/10.1109/HICSS.2007.522.</p>
      <p>[22] The Open Group. Open Information Security Management Maturity Model (O-ISM3), 2011.</p>
      <p>[23] ISACA. COBIT 2019 Framework: Introduction and Methodology, 2018.</p>
      <p>[24] Yang, L.; Shami, A. On hyperparameter optimization of machine learning algorithms: Theory and practice, 2020.</p>
      <p>[25] ENISA. AI Cybersecurity Challenges. Threat Landscape for Artificial Intelligence, December 2020. https://doi.org/10.2824/238222.</p>
      <p>[26] Manankova, O.A.; Yakubova, M.Z.; Rakhmatullaev, M.A.; Baikenov, A.S. Simulation of the Rainbow Attack on the SHA-256 Hash function, J. of Theoret. and Appl. Inf. Tech., vol. 101, no. 4, pp. 1594–1603, 2023.</p>
      <p>[27] Sarker, I. Deep cybersecurity: a comprehensive overview from neural network and deep learning perspective, 2021.</p>
      <p>[28] Dixit, P.; Silakari, S. Deep learning algorithms for cybersecurity applications: A technological and status review, 2021. https://doi.org/10.1016/j.cosrev.2020.100317.</p>
      <p>[29] Xin, Y. Machine learning and deep learning methods for cybersecurity, 2018. https://doi.org/10.1109/ACCESS.2018.2836950.</p>
      <p>[30] Velyamov, T.; Kim, A.; Manankova, O. Modification of the Danzig-Wolf Decomposition Method for Building Hierarchical Intelligent Systems, Int. J. of Adv. Comput. Sci. and Appl., vol. 15, no. 7, pp. 1160–1167, 2024. https://doi.org/10.14569/IJACSA.2024.01507113.</p>
      <p>[31] Werbos, P. Beyond regression: New tools for prediction and analysis in the behavioral sciences, 1974.</p>
      <p>[32] Rumelhart, D.; Hinton, G.; Williams, R. Learning Internal Representations by Error Propagation, 1986.</p>
      <p>[33] LeCun, Y.; Bengio, Y.; Hinton, G. Deep learning, 2015. https://doi.org/10.1038/nature14539.</p>
      <p>[34] Goodfellow, I.; Bengio, Y.; Courville, A. Deep learning, 2016.</p>
      <p>[35] Hahnloser, R.; Sarpeshkar, R.; Mahowald, M.; Douglas, R.; Seung, H. Digital selection and analogue amplification coexist in a cortex-inspired silicon circuit, 2000. https://doi.org/10.1038/35016072.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          <article-title>[1] ISO/IEC 27000 Information security management systems</article-title>
          .
          <source>Overview and vocabulary</source>
          ,
          <year>2013</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2] HIPAA. Health Insurance Portability and Accountability Act of
          <year>1996</year>
          . https://web.archive.org/web/20171227202818/http://legalarchiver.org/hipaa.htm.
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <surname>Babenko</surname>
            ,
            <given-names>T.</given-names>
          </string-name>
          ;
          <string-name>
            <surname>Hnatiienko</surname>
            ,
            <given-names>H.</given-names>
          </string-name>
          ;
          <string-name>
            <surname>Vialkova</surname>
            ,
            <given-names>V.</given-names>
          </string-name>
          <article-title>Modeling of the integrated quality assessment system of the information security management system</article-title>
          ,
          <year>2021</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4]
          <string-name>
            <surname>Zgurovskyi</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          <article-title>Technology foresight of Ukrainian economy in the medium (up to 2020) and long term (until 2030) horizons</article-title>
          .
          <article-title>According to the materials of the scientific report at the meeting of the Presidium of NAS of Ukraine, November 4</article-title>
          ,
          <year>2015</year>
          , Visn. Nac. Akad. Nauk Ukr.;
          <year>2016</year>
          ;
          <volume>1</volume>
          :
          <fpage>67</fpage>
          -
          <lpage>68</lpage>
          . DOI: 10.15407/visn2016.01.057.
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5]
          <string-name>
            <surname>Hnatiienko</surname>
          </string-name>
          , H. Choice Manipulation in Multicriteria Optimization Problems,
          <year>2019</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          [6]
          <string-name>
            <surname>Miloslavskaya</surname>
            ,
            <given-names>N.</given-names>
          </string-name>
          ;
          <string-name>
            <surname>Sagirov</surname>
          </string-name>
          , R.
          <source>Review of Information Security Processes of Maturity Models</source>
          ,
          <year>2015</year>
          .
        </mixed-citation>
      </ref>
      <ref id="ref7">
        <mixed-citation>
          [7]
          <string-name>
            <surname>Polyanichko</surname>
            ,
            <given-names>M.</given-names>
          </string-name>
          <article-title>Application of the maturity model to counter insider threats to information security</article-title>
          ,
          <year>2019</year>
          . https://doi.org/10.23670/IRJ.2019.82.4.010.
        </mixed-citation>
      </ref>
      <ref id="ref8">
        <mixed-citation>
          [8]
          <string-name>
            <surname>Proença</surname>
            ,
            <given-names>D.</given-names>
          </string-name>
          ;
          <string-name>
            <surname>Borbinha</surname>
            ,
            <given-names>J</given-names>
          </string-name>
          .
          <source>Maturity Models for Information Systems - A State of the Art</source>
          ,
          <year>2016</year>
          . https://doi.org/10.1016/j.procs.2016.09.279.
        </mixed-citation>
      </ref>
      <ref id="ref9">
        <mixed-citation>
          [9]
          <string-name>
            <surname>Uzoka</surname>
            ,
            <given-names>E.</given-names>
          </string-name>
          <article-title>A CMM Assessment of Information Systems Maturity Levels in Botswana</article-title>
          ,
          <year>September 2010</year>
          .
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>