The functional stability of corporate educational information systems (CEIS) is a key aspect of ensuring the continuity of the educational process and information security. This study proposes a methodology for enhancing the functional stability of CEIS based on mathematical models for risk assessment, financial resource optimization, and cybersecurity measures. The proposed approach includes threat analysis, residual risk calculation, loss prediction depending on response time, and evaluation of security measures' effectiveness. Scenario modeling confirms that the proposed methodology reduces residual risk levels by 40-60% and decreases incident response time to one hour. The results demonstrate that integrating adaptive cybersecurity mechanisms with economic modeling enables an optimal balance between security and costs, enhancing the overall resilience of educational platforms.
approaches. mechanisms.
The issue of ensuring the functional stability of corporate information systems is particularly relevant in the context of growing cyberthreats and the increasing demand for the continuous operation of information platforms. Despite the availability of numerous studies, many approaches are based on static risk assessment and cost optimization methods that do not account for real-time threat dynamics. This highlights the need for adaptive methodologies that integrate economic models, mathematical forecasting, and automated response mechanisms.
The study in [
Cost optimization methodologies for security investments are proposed in [
Methods for attack forecasting using machine learning algorithms are discussed in [
Modern cybersecurity monitoring methods and adaptive models for real-time threat assessment
are examined in [
In [
An approach to automated cybersecurity monitoring and response using blockchain
technologies is presented in [
The literature analysis indicates that most studies focus on centralized or static risk assessment models, whereas adaptive approaches that consider the temporal dynamics of threats require further research. This confirms the necessity for developing integrative methodologies that combine economic, mathematical, and automated mechanisms to ensure functional stability in corporate educational information systems.
Modern methods for ensuring the functional stability of corporate educational information systems (CEIS) reveal several significant limitations that hinder their effectiveness. One of the main drawbacks is the insufficient consideration of the interdependence between costs, risks, and the dynamics of external and internal factors. In many cases, existing approaches focus on specific aspects, such as enhancing information security or optimizing costs, while ignoring the integrative nature of these processes.
For example, in static models, the costs of implementing and maintaining the system are
determined as a one-time expense, whereas risks associated with potential threats may increase
over time due to the evolution of cyber threats or the system’s insufficient adaptation to
environmental changes [
Another important limitation is the insufficient integration of risk-oriented approaches into
economic modeling. In particular, many systems underestimate the role of potential losses
associated with downtime, operational failures, or data breaches. The absence of a comprehensive
integration of costs and risks significantly complicates effective decision-making. For instance, if
security investments do not consider potential losses from realized threats, the allocation of
resources may turn out to be irrational [
As a result, existing methods fail to achieve a proper balance between economic efficiency and functional stability. This highlights the need for the development of integrative approaches that consider both economic parameters and risk factors in a time-dependent perspective. Future research should focus on adapting existing models to the dynamic operational environment of CEIS.
The objective of this study is to develop a methodology for optimizing expenditures to ensure
the functional stability of corporate educational information systems. This methodology integrates
risk assessment, cost optimization models, and cybersecurity measures to enhance system
resilience while maintaining economic efficiency [
The functional sustainability of corporate educational information systems (CEIS) is a key factor in their effectiveness in modern conditions. Ensuring this parameter requires taking into account the complex economic dependencies between the costs of implementation, operation, security measures, and risks arising in the process of use. The economic feasibility of measures should be justified by integrating cost and risk assessments into a single model.
The total cost of ownership (TCO) can be used to describe the cost side, which takes into account all the costs of implementing, maintaining, and upgrading the system over its life cycle. Formally, it can be described as:
T TCO = Cimp+∫ ( Cmaint ( t )+Cupgrade ( t )) dt , 0 (1) where Cimp is the initial cost of implementing the system, Cmaint (t ) is the maintenance cost at time t , and Cupgrade ( t ) is the cost of upgrading technology. Alongside cost analysis, risk assessment is a crucial component. The risks that arise during the operation of CEIS can be quantified using a loss integration model within a temporal dynamic framework: where Pi ( t ) represents the probability of occurrence of the i-th threat at time t , I i is the economic impact of the i-th threat, β s the system’s sensitivity coefficient to changes, and t 0 denotes the initial moment of risk assessment. This approach allows for the consideration of not only the probability and impact of risks but also their dynamic nature within a given time frame.
The optimization of security and system resilience costs can be formalized through a multicriteria model that balances expenditures and risk reduction. The goal of such optimization is to minimize overall costs while ensuring the required level of functional stability. The corresponding model is expressed as:
T min Ctotal =∫ ( k1 ∙ Rloss ( t )+ k2 ∙ M sec ( t )) dt ,
0 where Rloss represents the losses incurred due to risk realization at time t , M sec ( t ) denotes the expenditures on security measures, and k1 and k2 are weighting coefficients that account for the priorities of reducing losses or costs.
Ensuring the functional stability of CEIS also involves the implementation of backup systems. The costs associated with backup measures include additional servers, data storage, and ensuring system availability in case of failures. The system recovery time can be described using a recovery model: (2) (3) (4) Trec = 0
T ∫ ( 1−)∙ f ( t ) dt e−μ∙t
T ∫ f ( t ) dt 0 , where μ is the system recovery rate parameter, and f ( t )represents the distribution of resources allocated for recovery.
The complexity of economic analysis in CEIS lies in the need to account for interdependencies between different system components. For instance, increasing monitoring expenditures may reduce the probability of risks but lead to higher operational costs. Therefore, decision-making must rely on integrative approaches based on advanced mathematical models.
The conclusions drawn from this analysis confirm the necessity of combining quantitative risk assessment methods with economic models that consider the temporal dynamics of costs. This approach enables well-founded managerial decisions regarding resource allocation in educational systems.
The scientific contribution of this study lies in the development of an approach to ensuring the functional stability of corporate educational information systems (CEIS), considering the complex interdependencies between costs, risks, and response speed to incidents. The foundation of this approach is based on mathematical models that allow not only for the assessment of the system’s current state but also for predicting its stability over time. One of the key elements of the proposed methodology is the balancing of expenditures between security measures and backup strategies. This issue is addressed through a model that establishes the relationship between the key budget components allocated for ensuring system resilience: M sec + M backup = C safe , (5) where M sec represents the expenditures on security measures, M backupdenotes the expenditures on backup and recovery, and C safe is the total budget. This model serves as a universal framework for assessing the efficiency of resource allocation, as each of these components significantly impacts the overall system resilience.
For instance, insufficient funding for backup mechanisms may result in prolonged downtimes in case of failures, whereas excessive spending on this area might be economically unjustified. Thus, the proposed approach enables budget optimization based on priorities and actual threats.
Another critical aspect is considering the temporal dynamics of losses incurred during system failures. It has been established that the level of losses can decrease exponentially with a reduction in response time. This justifies the economic feasibility of investing in system responsiveness. To model this, the following equation is proposed:
Rloss ( t )= Rinit ∙ e−k Trec , where Rinit is the initial level of losses, k is the coefficient determining the rate of loss reduction depending on the recovery time, and T rec represents the time required for full system recovery.
This model confirms that even a slight reduction in response time can significantly impact overall economic outcomes. Specifically, analysis shows that the less time is spent on recovery, the lower the risks of incurring major losses, which is crucial for educational platforms where failures can severely disrupt the learning process.
Particular attention is given to evaluating the impact of expenditures on the functional resilience of the system. To model the relationship between security investments and system stability, a nonlinear model is used, which accounts for the threshold effect of security measures’ efficiency:
1 Ssys = 1+e−α ( Msec−Mcrit ) , where Ssys represents the system’s stability level, M sec denotes the expenditures on security measures, M crit is the critical level of expenditures required to achieve a minimum level of stability, and α is the sensitivity parameter that determines how system stability responds to changes in security spending.
This model demonstrates that expenditures below a certain critical threshold have little impact on system stability while exceeding this threshold leads to a sharp increase in effectiveness. This highlights the importance of rational budget management, as excessive investments may become inefficient if the system has already reached the required level of protection.
Thus, the developed models provide a comprehensive approach to assessing and improving the functional stability of CEIS. They enable the integration of economic, temporal, and technical parameters into a unified system, facilitating optimal managerial decisions. This approach not only reduces losses and enhances efficiency but also ensures the economic feasibility of educational platform usage in the long-term perspective.
The functional stability of corporate educational information systems (CEIS) is a critical factor in ensuring the continuity of the learning process, data protection, and effective resource management within an educational institution. In the modern landscape of increasing cybersecurity threats, ensuring system stability becomes a complex challenge requiring the integration of risk analysis mathematical methods, economic modeling, and adaptive cybersecurity mechanisms.
The proposed methodology for assessing and enhancing functional stability consists of the following key stages:
Threat identification and risk analysis—Evaluating potential security threats and their probability of occurrence.
Optimization of security measures and resource allocation—Balancing investments between security measures and backup strategies.
Cybersecurity monitoring and evaluation of security measures’ effectiveness—Continuous assessment of the system’s ability to mitigate risks.
Attack forecasting and incident management—Implementing proactive mechanisms to detect and respond to emerging threats.
To ensure an adaptive approach to functional stability assessment, the following mathematical models are applied:
Cyber risk assessment model, which is based on the probability of threat realization and its potential impact on the system.
Cost optimization model for balancing security measures and backup systems, enabling an optimal trade-off between protection efficiency and economic feasibility.
A stochastic model for incident response time prediction, which assesses the effectiveness of security measures depending on response time.
The proposed approach provides a comprehensive assessment of system resilience and enables effective resource management to minimize potential attack-induced losses. By integrating predictive risk modeling, economic evaluation, and adaptive cybersecurity strategies, this methodology enhances the overall reliability and efficiency of corporate educational systems.
The first stage of the methodology involves identifying, classifying, and assessing potential cybersecurity threats that may impact the functional stability of CEIS. Risk analysis considers the probability of a threat occurring, denoted as Pthreat ( t ), which is determined based on statistical data and attack history. The system’s vulnerability level, represented as Pvuln( t ), depends on the implemented security measures and system architecture. Additionally, the level of threat control denoted as Pcontrol ( t ), reflects the effectiveness of security measures in mitigating potential risks.
Psuccess ( t )=
Pthreat ( t )∙ Pvuln( t )
Pcontrol ( t ) where Psuccess represents the probability that a threat will be successfully executed. (8)
Based on the obtained values, the potential loss level in the event of a successful attack is evaluated as
Nthreats Rattack ( t )= ∑ i=1
Psuccess ,i ( t )∙ I loss ,i ∙ e−λTrec , (9) where I loss ,i represents the potential financial losses resulting from the execution of the i-th threat, and T rec denotes the incident response time. The graph illustrates how losses Rattack ( t ) decrease as the incident response time T rec shortens. This confirms that rapid response significantly reduces financial losses.
The second stage involves determining the optimal allocation of financial resources between security measures and backup mechanisms. To achieve this, an economic model, described in Equation 6, is utilized. By integrating this model with a risk-based approach, it becomes possible to evaluate how financial investments influence the overall security posture of the system. The determination of the optimal expenditure level is carried out by constructing a dependency function between security levels and financial investments, as described in Equation 7.
The third stage involves dynamic tracking of system security levels and predicting potential attacks. This process is implemented through attack trend analysis and the identification of changes in threat levels. By continuously monitoring system activity and analyzing historical attack patterns, it becomes possible to detect emerging threats and adjust security measures proactively. This approach enhances threat intelligence capabilities and allows for the early identification of vulnerabilities, improving the overall resilience of the corporate educational information system.
Anomalous activity monitoring in the system is carried out using machine learning algorithms, enabling the detection of new types of threats.
Attack prediction is based on the analysis of previous incidents and the identification of behavioral patterns of attacking entities.
This stage enables a proactive adaptation of security measures to current threats, minimizing the likelihood of attacks being executed.
The flowchart (Fig. 2) illustrates the cybersecurity decision-making process within CEIS. It begins with threat analysis and attack probability assessment, based on historical data and predictive models. Next, resource allocation is performed, distributing funds and infrastructure between security measures, backup mechanisms, and incident response strategies.
Following the implementation of security measures, effectiveness monitoring is conducted to identify weaknesses and adjust the strategy accordingly. In the event of an incident, a response mechanism is activated, minimizing losses and recovery time. A key component of this process is feedback integration, which allows the system to continuously adapt to emerging threats and improve its resilience.
The assessment of the effectiveness of the proposed methodology for ensuring the functional resilience of corporate educational information systems (CEIS) is conducted based on a quantitative and qualitative analysis of risk levels, cost optimization, and the response system’s time characteristics. The main efficiency criteria include reducing the level of residual risk, minimizing incident response time, optimizing security costs, and ensuring the economic feasibility of the implemented mechanisms. The analysis of indicators is carried out through the modeling of CEIS operation scenarios under different threat levels and security funding conditions.
Determining the level of residual risk is one of the key parameters for assessing the effectiveness of the methodology. Its dynamics are reflected in a formula that takes into account the impact of security measures on the level of threats that remain relevant after the implementation of protection policies:
Rres= Rinit ∙ e−η Msec , (10) where Rinit is the initial risk level, η is the efficiency coefficient of security measures, and M sec is expenditures on cybersecurity measures. This equation demonstrates that as security expenditures increase, the level of residual risk decreases exponentially. However, after reaching a certain critical expenditure level, further increases in security funding do not yield a significant effect. This confirms the necessity of determining the optimal security budget that ensures maximum risk reduction with minimal costs.
Incident response time has a significant impact on overall system losses, as prolonged downtime can lead to substantial economic damage and the loss of critical data. The system recovery time is evaluated using a stochastic model, which considers response speed and the scale of the threat, as described in Equation 9.
The implementation of automated cybersecurity mechanisms and early warning systems significantly reduces response time and, accordingly, the level of financial losses.
To confirm the effectiveness of the methodology, system operation was modeled in three main scenarios. In the first scenario, the system operates without active cybersecurity, leading to a high residual risk level of 85%, while the average recovery time after attacks exceeds 12 hours. In the second scenario, only backup and recovery mechanisms are implemented, reducing the residual risk level to 60% and shortening the average recovery time to 4 hours. In the third scenario, a comprehensive approach is implemented with the introduction of active cybersecurity mechanisms, allowing the residual risk level to be reduced to 25% and the incident response time to be shortened to 1 hour. The obtained results demonstrate that a comprehensive approach, which includes adaptive access control mechanisms, attack prediction, and automated backup, significantly enhances system resilience. A detailed analysis of the dependence of the residual risk level on the level of security funding shows that the optimal budget for achieving maximum efficiency should be at the level of M crit, after which further increases in funding do not provide a proportional increase in security effectiveness. The dynamics of this dependence are described by Equation 7. This model confirms the necessity of finding a balance between the level of cybersecurity expenditures and the overall resilience of the system. Graphical visualization of the obtained results shows that in systems without security measures, the number of attacks remains consistently high, and the recovery costs exceed economically feasible values. The proposed approach helps to avoid such issues and ensures an efficient allocation of resources between security measures, backup, and rapid response mechanisms.
Thus, the conducted evaluation of the methodology’s effectiveness confirms that the proposed approach significantly reduces risk levels, optimizes financial expenditures, and improves the overall resilience of corporate educational systems. The integration of mathematical risk assessment models, economic cost analysis, and automated response mechanisms allows for achieving maximum efficiency at an optimal funding level. The proposed methodology is adaptive and can be used to enhance cybersecurity in various information systems utilized in the education sector.
As a result of the conducted research, a comprehensive methodology for ensuring the functional stability of corporate educational information systems (CEIS) has been proposed, taking into account economic, temporal, and technical parameters. The methodology is based on the integration of mathematical models for risk assessment, cost optimization, and adaptive cybersecurity mechanisms. The developed approach enhances system protection, minimizes economic losses, and ensures uninterrupted operation in a dynamic threat environment.
The proposed mathematical models allow for optimized financial resource allocation between security measures and backup systems while also evaluating the effectiveness of security measures based on incident response time. A comprehensive approach to residual risk assessment and attack prediction improves cybersecurity system efficiency and its adaptability to emerging threats.
Future research directions include the integration of artificial intelligence and machine learning technologies to automate risk assessment, attack forecasting, and decision-making processes. Further advancements in adaptive resource backup models and anomaly detection monitoring will improve system responsiveness and optimize expenditures. A relevant research area is the development of real-time security measure effectiveness evaluation methodologies, which will facilitate the operational adaptation of CEIS to environmental changes.
The proposed approach can be applied to enhance the functional stability of information systems across various industries, including the education, financial, and corporate sectors. While preparing this work, the authors used the AI programs Grammarly Pro to correct text grammar and Strike Plagiarism to search for possible plagiarism. After using this tool, the authors reviewed and edited the content as needed and took full responsibility for the publication’s content.