Innovative technology for assessing the quality of information security systems in the design of a modern educational environment

The article describes an experimentally-based innovative technology for assessing the performance characteristic «Usability» of the information security system in the automated system of the digital educational environment. This characteristic consists of indicators: the structure of a typical operation, time index and probability rate. On the basis of the obtained results of the assessment of the listed indicators it is possible to choose an information security system for the designed digital educational environment.


Introduction
Restricted information circulating in any modern digital educational environment (DEE) is subject to many risks and threats of different and mixed nature. The security of such an educational environment is ensured by the presence of protected automated systems (AS) in it. The function of protecting the information circulating in the protected AS is performed by the information security system (ISS), which implements the electronic protective measures [1]. ISS is a complex human-machine system, to the design of which a particular attention should be paid, since a poor-quality DEE protection mechanism can lead to unacceptable damage.
The quality and effectiveness of ISS functioning depends on its ergonomic support [2][3]. One of the ways to obtain the maximum possible coordination of the ISS technical component with the operator's features is to develop a convenient program interface [4][5]. The main operator interacting with the ISS through the interface is the security administrator [6][7][8][9][10], who has a direct impact on the effectiveness of the protection of information circulating in the protected AS and in the DEE as a whole. According to GOST 28806-90 [11], the assessment of the performance characteristic «Usability» is relevant for the ISS. Thus, the purpose of the article is to develop the system of indicators of the performance characteristic "Usability" of the DEE AS ISS and the methods of their assessment.

Materials and methods
The performance characteristic «Usability» of the ISS can be assessed theoretically and experimentally. Theoretical assessment has some weaknesses and limitations, therefore it is advisable to take an assessment on the basis of an experiment.
The assessment of the performance characteristic «Usability» is a gradual assessment of three indicators that characterize any typical operation performed by the ISS security administrator. These parameters include: the structure of a typical operation, time index and the probability rate.
Assessment of the ISS performance characteristic "Usability" based on the experiment represents the following.
Before the start of the experiment, the choice of the ISS, which will be the platform for the experiment fulfillment, should be made, in our case, it is «Guard NT 3.0». Furthermore, in accordance with the program documentation [8] and the survey of ISS administrators, a list is specified containing typical operations that will be performed by the supposed ISS administrators. Then, groups of users are formed, who, as ISS administrators, will perform operations from the composed list.
The realization of experiment involved 81 fifth-year students trained in the specialty 10.05.01 -«Computer security». All participants were divided into quantitative equal groups, depending on the level of proficiency in the «Guard NT 3.0» ISS.
To assess the indicator «structure of a typical operation» of the «Guard NT 3.0» ISS performance characteristic «Usability», each operation performed by security administrators was divided into elementary actions.
To assess the indicator «time index» the average time of fulfillment of all operations by each group of security administrators was identified. The used tool was the IOGraph V1.0.1 application, which implements the mousе-tracking technology («screen-scraping» technology).
The assessment of the indicator «probability rate» was carried out by constructing the functions of distribution of the time taken by operators to execute typical operations. The experimental evaluation and the calculations are resulting in the values of timeliness of performing typical operations by the ISS administrators.

Results and its discussion
The particularity of this experiment was to create the most realistic conditions for the interaction of operators with the selected ISS.
The participants of the experiment acting as administrators of the «Guard NT 3.0» ISS performed the following typical operations: «Exporting settings of «Information media registering» program», «Editing properties for information media groups», «Editing permissions», «Classification mark assignment», «User reidentification», «Working with an event filter «, «Computer locking».
Each of the above named operations can be decomposed into a sequence of elementary actions, which, in its turn, is an indicator of «Guard NT 3.0» ISS performance characteristic «Usability»the structure of a typical operation. As an example, let us consider the structure of a typical operation «Exporting settings of «Information media registering» program».
The operation «Exporting settings of «Information media registering» program» has the following structure. The security administrator selects the menu item «Information media», then «Export settings». After that, a window will appear where the security administrator selects the information media groups, the settings of which he will export, and clicks the «Next» button. Then, in the window that appears, the security administrator selects the media the settings of which he needs to export to other computers and clicks the «Next» button. In the window that appears, the security administrator selects the required computer or computers and clicks the «Finish» button. Then the settings will be transferred to the selected computers.
During the performance of typical operations by each group of users, the IOGraph V1.0.1 tool, that Based on the obtained values of the time index of typical operations performance by the groups of users presented in table 1, an estimation of the probability rate of the «Guard NT 3.0» ISS performance characteristic «Usability» was obtained, which is presented in table 2. At the same time, according to [13,14], in the operational evaluation, a truncated normal distribution was used to describe the statistical characteristics of the typical operations execution by a group of users.

Conclusion
Summing up what has been said, the article describes an innovative technology for assessing the ISS performance characteristic «Usability», namely the experimentally-based assessment of its indicator «structure of a typical operation», time index and probability rate. The assessment of the indicator «structure of a typical operation» was carried out by way of decomposing the operations performed by the security administrator during the operation of ISS. The assessment of the time index was carried out by determining the average time of execution of typical operations by security administrators. The assessment of the probability rate was carried out by constructing the functions of distribution of the time taken by security administrators to execute typical operations. The obtained values will allow to choose the most effective ISS for the designed educational environment. The results can be used, for example, when designing software for the following tasks: big data analytics for IoT platform [15], data flows in an IP-based networks [16], information security risk estimation for cloud infrastructure [17].