The security of information systems in higher-education institutions is critical, because cyberattacks on personal data and critical infrastructure are growing in both complexity and coordination. This study examines the requirements for protecting personal data within the information systems of DonNTU, with emphasis on compliance with Russian regulatory requirements such as the FSTEC guidelines and the fourth level of protection for personal data (UZ-4). A multi-layered protection architecture is proposed that covers user access control, application-level security, system software, and network infrastructure. The study introduces an algorithm for assessing asset vulnerability from threat likelihood and the safeguards already in place, together with an algorithm for determining the acceptable risk level, which an expert group sets by weighing the cost of protection against the value of the asset. Key protection measures include multi-factor authentication, data encryption, regular backups, and anomaly detection, aimed at ensuring the confidentiality, integrity, and availability of data. The study also highlights the importance of import substitution to reduce reliance on foreign technologies under geopolitical constraints. Quantitative vulnerability estimates are derived from statistical data and weighted coefficients that capture threat frequency and the effectiveness of existing protection. Future work includes improving domestic security tools and refining the risk assessment methodology to address evolving cyber threats, so that the information systems of educational institutions remain robustly protected.
This question was studied by Ovsyannikov et al.
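The abstract describes two algorithms, one that scores an asset's vulnerability from threat likelihood and existing safeguards using weighted coefficients, and one that sets an acceptable risk level by balancing protection cost against asset value, but gives no formulas. The following Python is an added illustrative model of that kind of assessment; it is not the paper's algorithm, and the scoring rule (residual likelihood multiplied by an impact weight, summed over threats), the threshold rule (a tolerance fraction of asset value chosen by the expert group), the class and function names, and every number in the constructed sample are assumptions made for this example.

```python
# Illustrative weighted vulnerability / acceptable-risk model (added example).
# NOT the paper's algorithm: the scoring rule, names and all figures below are
# assumptions. The sample asset, threats and safeguards are constructed data.
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Threat:
    name: str
    likelihood: float   # annual probability estimated from incident statistics (0..1)
    impact: float       # weighted coefficient: fraction of asset value lost on success (0..1)


@dataclass
class Safeguard:
    name: str
    efficacy: float            # fraction of attempts the control neutralises (0..1)
    covers: frozenset[str]     # names of the threats it mitigates
    annual_cost: float = 0.0   # cost of operating the control per year


@dataclass
class Asset:
    name: str
    value: float                          # replacement / liability value of the asset
    threats: list[Threat]
    safeguards: list[Safeguard] = field(default_factory=list)


def residual_likelihood(threat: Threat, safeguards: list[Safeguard]) -> float:
    """Likelihood left after every safeguard covering this threat has had its chance.
    Safeguards are assumed to fail independently, so their miss rates multiply."""
    p = threat.likelihood
    for s in safeguards:
        if threat.name in s.covers:
            p *= 1.0 - s.efficacy
    return p


def vulnerability_score(asset: Asset) -> float:
    """Weighted vulnerability: expected fraction of asset value lost per year,
    i.e. each threat's residual likelihood times its impact coefficient, summed."""
    return sum(t.impact * residual_likelihood(t, asset.safeguards) for t in asset.threats)


def annual_loss_expectancy(asset: Asset) -> float:
    """Vulnerability score expressed in currency units."""
    return asset.value * vulnerability_score(asset)


def acceptable_loss(asset: Asset, tolerance: float) -> float:
    """Acceptable risk level as modelled here: the expert group names a fraction
    of the asset's value that the institution is prepared to lose per year."""
    return tolerance * asset.value


def is_risk_acceptable(asset: Asset, tolerance: float) -> bool:
    return annual_loss_expectancy(asset) <= acceptable_loss(asset, tolerance)


def net_benefit(asset: Asset, candidate: Safeguard) -> float:
    """Loss averted by adding `candidate` minus its running cost. A positive
    value means the control costs less than the loss it prevents, which is
    how protection cost is balanced against asset value in this model."""
    hardened = Asset(asset.name, asset.value, asset.threats, asset.safeguards + [candidate])
    averted = annual_loss_expectancy(asset) - annual_loss_expectancy(hardened)
    return averted - candidate.annual_cost


# Constructed sample: a student personal-data database (UZ-4 class data).
STUDENT_DB = Asset(
    name="student-personal-data-db",
    value=1_000_000.0,
    threats=[
        Threat("phishing_credential_theft", likelihood=0.8, impact=0.3),
        Threat("ransomware", likelihood=0.3, impact=0.6),
        Threat("misconfiguration_exposure", likelihood=0.5, impact=0.2),
    ],
    safeguards=[
        Safeguard("mfa", efficacy=0.9, covers=frozenset({"phishing_credential_theft"})),
        Safeguard("offline_backups", efficacy=0.5, covers=frozenset({"ransomware"})),
    ],
)

# Candidate control under evaluation by the expert group (constructed figures).
CONFIG_SCANNING = Safeguard("config_scanning", efficacy=0.8,
                            covers=frozenset({"misconfiguration_exposure"}),
                            annual_cost=40_000.0)


if __name__ == "__main__":
    tolerance = 0.1  # expert-group decision: accept up to 10% of asset value per year
    print(f"vulnerability score : {vulnerability_score(STUDENT_DB):.3f}")
    print(f"annual loss expect. : {annual_loss_expectancy(STUDENT_DB):,.0f}")
    print(f"acceptable loss     : {acceptable_loss(STUDENT_DB, tolerance):,.0f}")
    print(f"risk acceptable     : {is_risk_acceptable(STUDENT_DB, tolerance)}")
    print(f"net benefit of {CONFIG_SCANNING.name}: {net_benefit(STUDENT_DB, CONFIG_SCANNING):,.0f}")
```

With the constructed figures the residual likelihoods are 0.08, 0.15 and 0.5, the weighted score is 0.214 (an expected loss of 214,000 per year against an acceptable 100,000), so the risk is not acceptable; adding the candidate scanner averts 80,000 of loss for 40,000 of cost, a net benefit of 40,000, though the asset still sits above the threshold and needs a further control for the uncovered ransomware and phishing residuals.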