
2025, Vol. 13, Iss. 4


 

G. Moiseenko


Abstract

Problem statement. Unintentional violations by a user of the instructions for working with an information system that lead to information security threats (unintentional insider incidents) are a serious issue in the field of information security. The main cause of such violations is that a certain psycho-emotional state of the user produces a deviation in behavior, and the user may make mistakes both in choosing system interface elements and in working with them: for example, entering confidential data into "open" fields. The aim of this work is to describe a software modeling tool developed on the basis of the author's model of the system interface and instructions. Research methods: computer modeling, software engineering, experiment. The result: beyond the creation of the software tool itself, its operability has been proven in modeling the interface of an information system and the instructions for working with it, as has the clarity of the resulting graphical representation. The practical significance is that the tool makes it possible to implement a method for counteracting deviations in user behavior by solving the optimization problem of refining instructions with respect to how specifically interface elements are described; this problem is multi-criteria, since increasing the content of the instructions has the opposite effect of making them harder for a person to perceive.


Keywords
unintentional insider, behavior deviation, modeling, software tool, experiment.
DOI 10.31854/2307-1303-2025-13-4-1-14
EDN SFRRWR

 

V. Komarov


Abstract

The purpose of the study is to determine the reliability of an employee of a critical information infrastructure entity who is involved in implementing measures to respond to computer incidents and eliminate the consequences of computer attacks on significant objects of that infrastructure, and to assess the feasibility of using this parameter to characterize the employee in decision support systems. As part of solving the problem of assigning responsible employees to implement these measures, a methodological approach is proposed for determining the reliability of the employee responsible for implementing the computer incident response plan. Practical experimental studies were conducted to assess the effectiveness of the actions of employees of critical information infrastructure entities with different qualifications and skills. As a result of the study, an approach is proposed for calculating the main indicators of a performer's qualifications and skills and for using these indicators when solving the task of assigning performers (the assignment problem), which will reduce the time required to respond to a computer incident and eliminate the consequences of a computer attack. The results make it possible to form well-founded requirements for the qualifications and skills of personnel in the security forces of significant critical information infrastructure facilities and to ensure the interchangeability of performers. The practical significance lies in solving the problem of optimal distribution (assignment) of a performer, taking into account their qualifications and skills, when responding to computer incidents and eliminating the consequences of computer attacks.


Keywords
critical information infrastructure, object of critical information infrastructure, computer incident, model, computer attack.
DOI 10.31854/2307-1303-2025-13-4-15-30
EDN TTTFWO

© SPbSUT © Authors

 