FORMALIZED DESCRIPTION OF THE PROCESS MODEL FOR DYNAMIC ANALYSIS AND PREDICTION OF INFORMATION SECURITY RISKS FOR PERSONNEL
DOI: https://doi.org/10.31891/2307-5732-2025-359-80
Keywords: Dynamic risk assessment (DRA), Digital twin, RBAC-blockchain, UEBA, Zero Trust, Risk-adaptive access policies
Abstract
This article addresses the challenge of dynamically assessing and forecasting information-security risks stemming from the human factor amid accelerated digitalization, hybrid work patterns, and evolving access contexts. We propose a process model in which a sequence of functions (f₁-f₈) continuously transforms technical and behavioral evidence into risk-adaptive decisions for access governance, guidance, and response, closing the loop with verifiable auditability and self-learning. The model starts with a multidimensional resource-classification matrix (f₁), proceeds with the acquisition and unification of behavioral/technical signals (f₂), and produces a normalized feature vector Q (f₃). A user digital twin (f₄) runs "what-if" simulations to estimate a probability matrix R over threat classes while an RBAC-blockchain immutably records access transactions. Based on R, the system generates adaptive countermeasures and personalized policies and training (f₅-f₆), collects feedback Fback on effectiveness and behavioral change (f₇), and updates weights, models, and RBAC rules (f₈).
The approach conforms to Zero Trust principles by replacing implicit trust with continuous validation of subjects, devices, and requests, incorporating context and risk. We introduce a thresholding scheme that activates preventive, detective, or corrective controls according to asset criticality and predicted risk; we also outline fine-tuning and transfer-learning procedures to keep models current without excessive computational cost. Personalized dashboards and multichannel delivery reduce the "risk window," whereas qualitative feedback (e.g., content clarity and user satisfaction) exposes elements of security culture.
The proposed model establishes an "analysis-forecast-action-feedback-self-correction" cycle that improves risk-assessment accuracy, enhances response timeliness, and advances transparency in access governance via blockchain-backed audit trails. The results are directly integrable with SIEM/UEBA ecosystems and enterprise access-management platforms and can support organization-wide cyber-literacy programs. By combining classical statistics, modern machine learning, digital-twin simulation, and distributed-ledger auditability within a single engineered workflow, the model delivers an interpretable and evolvable pathway to human-centric, risk-adaptive security in corporate environments.
License
Copyright (c) 2025 АНДРІЙ ЯМНИЧ, ТЕТЯНА КОРОБЕЙНІКОВА (Author)

This work is licensed under a Creative Commons Attribution 4.0 International License.