INTERNATIONAL JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGIES

FUZZY MODEL FOR EVALUATING INFORMATION SECURITY PARAMETERS OF INFORMATION SYSTEMS UNDER INCOMPLETE AND QUALITATIVE DATA: CONSTRUCTION METHODOLOGY, RULE BASE TUNING, AND DEMONSTRATION CASE FOR ORGANIZATIONS.

Authors

  • Д.И. Прокопович-Ткаченко Университет таможеного дела и финансов
  • Н.К. Жумагалиева Satbayev University
  • Д.Н. Щитов University of Customs and Finance, Dnipro, Ukraine
  • Н.Ф. Мормуль University of Customs and Finance, Dnipro, Ukraine
  • Д.А. Черкасский National Technical University "Dnipro Polytechnic", Dnipro, Ukraine

DOI:

https://doi.org/10.54309/IJICT.2026.26.2.018

Abstract

Abstract. The paper proposes an interpretable fuzzy model for evaluating information security parameters of information systems under conditions of incomplete observations, heterogeneity of sources, and the prevalence of qualitative descriptions. The model is oriented toward the practice of regular management control in organizations of the Republic of Kazakhstan, including the public sector, financial, and educational institutions. The core idea is the separation of observed indicators (technical, organizational, and human factors) from latent security parameters related to confidentiality, integrity, and availability. A Mamdani fuzzy inference mechanism, accounting for rule weights and membership discounting during data gaps, is applied to transition from fuzzy observations to numerical estimates. The input vector includes 11 features: vulnerability and patch management, segmentation, privilege management, IDS coverage, SIEM correlation maturity, backup and recovery, endpoint protection, configuration and change management, incident response, the human factor, and an explicit indicator of observability and data quality. Linguistic variables and membership functions on a normalized scale are presented, along with rule base construction principles and tuning methods: the Delphi expert procedure, quantitative elimination of contradictions, rule weight optimization based on calibration data, and sensitivity analysis. Model quality is assessed by expert consensus (Kendall's coefficient), resilience to noise and gaps (Monte Carlo, coefficient of variation), and practical validity compared to incident data and independent audits of the information security management system. A demonstration case was conducted for a typical public sector organization with a distributed branch network, showing how qualitative observations and incomplete telemetry are transformed into numerical security parameters and risk levels, and how sensitivity analysis guides the prioritization of measures. Limitations and development prospects are discussed, including integration with Zero Trust architecture and the use of multimodal AI to combine logs, network flows, and binary artifacts visualized via the Byte2Image approach.

Downloads

Download data is not yet available.

Author Biographies

Н.К. Жумагалиева, Satbayev University

Nazym Zhumagalieva — Postgraduate Student, Satbayev University, Almaty, Kazakhstan. ORCID: https://orcid.org/0000-0003-1130-3405; E-mail: nazym_k.81@mail.ru.

Д.Н. Щитов, University of Customs and Finance, Dnipro, Ukraine

Dmytro Shchytov — PhD in Economics, Senior Lecturer at the Department of Management and Administration (Dnipro Faculty of Management and Business, KNUKiM), Doctoral Student at the University of Customs and Finance, Dnipro, Ukraine.

ORCID: https://orcid.org/0000-0003-4306-8016

Н.Ф. Мормуль, University of Customs and Finance, Dnipro, Ukraine

Mykola Mormul — PhD in Technical Sciences, Associate Professor at the Department of Cybersecurity and Information Technologies, University of Customs and Finance, Dnipro, Ukraine. ORCID: https://orcid.org/0000-0002-8036-3236; E-mail: mormul@umsf.dp.ua.

Д.А. Черкасский, National Technical University "Dnipro Polytechnic", Dnipro, Ukraine

Черкасский Давид — аспирант, Национальный технический университет «Днепровская политехника», Днепр, Украина.

ORCID ID: https://orcid.org/0009-0003-8516-6252; E-mail: Cherkaskyi.Dav.O@nmu.one

Published

2026-06-30

How to Cite

Прокопович-Ткаченко, Д., Zhumagalieva , N., Shchytov , D., Mormul , M., & Cherkaskyi , D. (2026). FUZZY MODEL FOR EVALUATING INFORMATION SECURITY PARAMETERS OF INFORMATION SYSTEMS UNDER INCOMPLETE AND QUALITATIVE DATA: CONSTRUCTION METHODOLOGY, RULE BASE TUNING, AND DEMONSTRATION CASE FOR ORGANIZATIONS. INTERNATIONAL JOURNAL OF INFORMATION AND COMMUNICATION TECHNOLOGIES, 7(2), 279–304. https://doi.org/10.54309/IJICT.2026.26.2.018
Loading...