A process model for dynamic analysis and prediction of information security risks for personnel
DOI:
https://doi.org/10.30837/rt.2025.3.222.07Keywords:
dynamic risk assessment (DRA), digital twin, RBAC-blockchain, UEBA, Zero Trust, feature vector Q, resource-classification matrix, adaptive access policies, insider threatsAbstract
The article addresses the problem of dynamic assessment and forecasting of information security risks driven by the growing role of the human factor amid business-process digitalization, hybrid work models, and a changing access context. The purpose of the study is to improve the accuracy and timeliness of risk management for personnel, enhance access controllability through adaptive policies, and advance audit transparency by integrating an RBAC-blockchain into a closed self-learning loop. The object of the study is the process of dynamic information-security risk analysis in corporate systems with personalized consideration of user behavior. The subject of the study comprises the methods and procedures for constructing a multidimensional feature vector, building a user digital twin, designing risk-adaptive access policies, and implementing system self-learning mechanisms. The authors emphasize that static access-control approaches and periodic audits do not match the dynamics of threats and the contextual nature of resource use. The article analyzes the contemporary components of the process model: (f₁) construction of a multidimensional resource-classification matrix; (f₂–f₃) collection, unification, and normalization of behavioral and technical data into the feature vector Q; (f₄) forecasting risky events using a user digital twin with access transactions recorded on an RBAC-blockchain; (f₅–f₆) generation of adaptive countermeasures and delivery of personalized policies and training content; and (f₇–f₈) Fback feedback collection and self-learning with adjustment of weights, models, and access rules. It is shown that combining statistical methods, machine-learning algorithms, and immutable blockchain logging ensures reproducible auditing, reduces the “risk window,” and supports continuous trust validation in line with Zero Trust principles. A scheme for triggering countermeasures is proposed based on the probability matrix R and the resource’s criticality class. Procedures for fine-tuning and transfer learning are described to keep models current without excessive computational costs. Particular attention is paid to personalized dashboards and multichannel delivery of recommendations that shorten user response time. The importance of qualitative Fback metrics (e.g., user satisfaction and content clarity) is emphasized for revealing elements of security culture. Thus, applying the developed process model establishes an “analysis–forecast–action–feedback–self-correction” cycle that improves the accuracy of risk assessment, enhances response timeliness, and advances transparency in access governance. The results can be integrated into SIEM/UEBA environments, access-management systems, and corporate programs for improving personnel cyber literacy.
References
Papanikolaou A., Varvarousi E., & Gavala E. Postal sector digitalisation: Security and vulnerabilities // International Journal of Applied Systemic Studies. 2024. 11(1). P. 42–51.
https://doi.org/10.1504/IJASS.2024.139211(inderscience.com).
Sèdes F., & Degrace J. (2024). Social engineering and security: From human vulnerabilities to malicious threats // 20th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). 2024. Р. 301–305. IEEE. https://doi.org/10.1109/WiMob61911.2024.10770451.
Marushchak L., Pavlykivska O., Khrapunova Y., Kostiuk V., & Berezovska L. The economy of digitalization and digital transformation: Necessity and payback11th International Conference on Advanced Computer Information Technologies (ACIT). 2021. Р. 305–308. IEEE. https://doi.org/10.1109/ACIT52158.2021.9548529.
Alnafea F. S. M., Sengar A. S., Hamid N. K., Selladurai K. M., Hassan S. I., & Saravanakumar R. Improving multi-factor authentication security with deep learning-based user behaviour analysis // 3rd International Conference on Integrated Circuits and Communication Systems (ICICACS). 2025. Р. 1–5.
IEEE. https://doi.org/10.1109/ICICACS65178.2025.10968961.
Kaur M., & Garg P. Exploring behavioral patterns for security in cloud computing: A case study // 3rd International Conference on Advancement in Computation & Computer Technologies (InCACCT). 2025. Р. 720–725. IEEE. https://doi.org/10.1109/InCACCT65424.2025.11011337.
Terumalasetti S., & Reeja S. R. Enhancing social media user’s trust: A comprehensive framework for detecting malicious profiles using multi-dimensional analytics // IEEE Access. 2025. Vol. 13. P. 7071–7093. https://doi.org/10.1109/ACCESS.2024.3521951.
Korobeinikova T. I. The zero trust model: Theory, practice, and prospect. In Heritage of European Science 2025: Innovative technology, computer science, cybernetics and automation, security systems, transport development, architecture and construction, physics and mathematics (Monographic series “European Science,” Book 37, Part 1, pp. 126–147). European Science. ISBN 978-3-98924-080-3.
Коробейнікова Т., Журавель І., Бодак А., & Бороденко Д. Концепція нульової довіри: сучасні методи за-безпечення кібербезпеки в корпоративних мережах // Вісник Львів. держ. ун-ту безпеки життєдіяльності. 2025. Т. 30. С. 67–77. Retrieved із https://journal.ldubgd.edu.ua/index.php/Visnuk/article/view/2769.
Lee S., Huh J.-H., & Woo H. Security System Design and Verification for Zero Trust Architecture. Electronics. 2025. Vol. 14(4). Р.643. https://doi.org/10.3390/electronics14040643.
Molina M., Betarte G., & Luna C. Consent validation for personal data access control using ABAC // Proceedings of the 13th Latin-American Symposium on Dependable and Secure Computing (LADC ’24). 2024. Р. 30–31. Association for Computing Machinery. https://doi.org/10.1145/3697090.3699803.
Rose S., Borchert O., Mitchell S., & Connelly S. Zero Trust Architecture (NIST Special Publication 800-207) // National Institute of Standards and Technology. 2020. https://doi.org/10.6028/NIST.SP.800-207.
Chandramouli R., Badger L., & O’Rourke D. SP 800-207A: A Zero Trust Architecture Model for Access Control in Cloud-Native Applications. NIST. 2023. https://csrc.nist.gov/pubs/sp/800/207/a/final (csrc.nist.gov).
Cheimonidis P., & Rantos K. Dynamic risk assessment in cybersecurity: A systematic literature review // Future Internet. 2023. Vol. 15(10). P. 324. https://doi.org/10.3390/fi15100324 (MDPI).
Martín A. G., Martín-de-Diego I., Fernández-Isabel A., et al. Combining user behavioural information at the feature level to enhance continuous authentication systems // Knowledge-Based Systems. 2022. Vol. 244. P. 108544. https://doi.org/10.1016/j.knosys.2022.108544 (ScienceDirect).
Al-Mhiqani M. N., Alsboui T. A. A., Al-Shehari T., Abdulkareem K. H., et al. Insider threat detection in cyber-physical systems: A systematic literature review // Computers & Electrical Engineering. 2024. Vol. 119, P. 109489. https://doi.org/10.1016/j.compeleceng.2024.109489 (ResearchGate).
Alcaraz C., & Lopez J. Digital twin: A comprehensive survey of security threats // IEEE Communications Surveys & Tutorials. 2022. Vol. 24(3). P. 1475–1503. https://doi.org/10.1109/COMST.2022.3171465 (NICS Lab).
Ullah S. S., Oleshchuk V., & Pussewalage H. S. G. A survey on blockchain-envisioned attribute-based access control for Internet of Things: Overview, comparative analysis, and open research challenges // Computer Networks. 2023. Vol. 235. P. 109994. https://doi.org/10.1016/j.comnet.2023.109994 (ACM Digital Library).
Punia A., Hoda M., Kaushik K., & Tomar D. A systematic review on blockchain-based access control systems in cloud environment // Journal of Cloud Computing. 2024. Vol. 13. P. 62. https://doi.org/10.1186/s13677-024-00697-7(PMC).
Namane S., Derhab A., Guerroumi M., & Challal Y. Blockchain-based access control techniques for IoT: A systematic review // Electronics. 2022. Vol. 11(14). P. 2225. https://doi.org/10.3390/electronics11142225 (MDPI).
Ямнич А. Б. Модель контролю доступу персоналу до інформаційних ресурсів підприємств на основі RBAC та технології BLOCKCHAIN / А.Б. Ямнич, Т.І. Коробейнікова // Вісник Хмельниц. нац. ун-ту. 2024. Т. 343, №6(1). С. 380–386. ISSN 2307–5732 https://doi.org/10.31891/2307-5732-2024-343-6-56.
Коробейнікова Т. І. Багатовимірна матриця класифікації інформації для оцінки ризиків інформаційної безпеки / Т. І. Коробейнікова, А. Б. Ямнич // Інформаційні технології та комп’ютерна інженерія. 2024. №2. С. 91–106. ISSN 1999–9941.
Korobeinikova T., Tachenko I., Romanyuk O., Romanyuk S., Stakhov O. and Reyda O. Assessing Network Security Risks: a Technological Chain Perspective // 14th International Conference on Advanced Computer Information Technologies (ACIT), Ceske Budejovice, Czech Republic. 2024. Р. 565–570.
doi: 10.1109/ACIT62333.2024.10712586.
Downloads
Published
How to Cite
Issue
Section
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
