A comprehensive approach to building an intelligent system for proactive personnel risk assessment in critical infrastructure
Abstract
Modern challenges in organizational security, particularly within critical infrastructure sectors (energy, transportation, finance, IT), necessitate innovative solutions to mitigate risks associated with hiring unreliable personnel. This requires a shift from conducting fragmented checks to the creation and implementation of comprehensive systems for proactive risk assessment. The urgency of developing such systems is driven by the high frequency and catastrophic consequences of insider incidents, coupled with the inability of traditional methods to detect complex, multi-stage threats originating from employees. However, building intelligent systems that semantically integrate heterogeneous data (biographical, behavioral, financial, digital) presents new systemic challenges. The aim of this article is to analyze the key methodological, ethical-legal, and architectural requirements for designing such systems. The work sequentially examines: 1) ethical and legal dilemmas (fairness, privacy, the right to explanation) and the constraints imposed by personal data legislation; 2) specific cyber threats targeting the compromise of the knowledge base and system logic, along with architectural countermeasures based on Security by Design principles; 3) a comparative analysis of the technological components of a multi-level assessment system (documentary verification, psychometric testing, AI analysis), justifying the necessity for their integration. The scientific novelty lies in a synthetic approach that forms a holistic methodology, considering not only technological efficiency but also fundamental legal constraints and information security requirements. The practical significance of the work consists in formulating systemic requirements for the design of secure, lawful, and socially responsible intelligent decision support systems for personnel security.
Copyright (c) 2026 National Research University Higher School of Economics (HSE University)

This work is licensed under a Creative Commons Attribution 4.0 International License.








