Optimization of the enterprise personnel security program using discrete programming methods
- Polina A. Tuktarova, Irkutsk State Agrarian University named after A.A. Ezhevsky (Molodezhny settlement, Irkutsk region, Russia)
- Yulia T. Mansurova, Ufa University of Science and Technology (Ufa, Russia)
- Diana I. Yaltonskaya, Ufa University of Science and Technology (Ufa, Russia)
This article focuses on optimizing an enterprise's personnel security program using discrete (0-1) linear programming methods under resource constraints. This approach is relevant because personnel are both a key asset and a potential source of internal threats, ranging from unintentional errors to deliberate violations leading to financial losses. The objective of this study is to develop a formalized model for selecting a set of personnel and information security measures that, given budget and labor limits, ensures the required reduction in integral risk and maximizes the expected economic impact. Binary indicators of whether a measure is included in the program are used as decision variables, and the optimality criterion is defined as maximizing net annual savings (the difference between prevented damage and costs). The model incorporates constraints on funding, available man-hours, and an optional minimum cumulative impact constraint. Initial data was generated for six alternative measures (DLP/StaffCop monitoring, UEBA analytics, MFA enhancements for privileged users, information hygiene e-learning, KPIs/early warning, and an expanded benefits package), giving the cost, labor intensity, and expected loss reduction of each based on expert assessment and incident statistics. Practical testing was performed in the Python environment using the MILP (branch-and-bound) approach and demonstrates the optimal set of measures. The resulting solution ensures compliance with resource limits and the achievement of the target effect, while eliminating measures with the worst cost-to-benefit ratio. The scientific and practical significance of this work lies in the translation of high-quality management reasoning about personnel security into a reproducible optimization formulation suitable for recalculation with changes in prices, labor resources, and regulatory requirements.
HR security, insider threats, discrete programming, 0-1 optimization, UEBA, DLP, MFA
2026-06-05
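The 0-1 model described in the abstract, as an added example that is not the authors' code: a hand-written depth-first branch-and-bound stands in for a MILP library. The measure names come from the abstract; every cost, man-hour and prevented-damage figure, and the budget, hours and minimum-effect limits, are constructed for illustration.

```python
# Constructed sample data (not from the paper): cost and prevented annual
# damage in thousand currency units, labor in man-hours.
MEASURES = [
    # name, cost, hours, prevented damage
    ("DLP/StaffCop monitoring",        900, 400, 1500),
    ("UEBA analytics",                1200, 600, 1600),
    ("MFA for privileged users",       300, 150,  900),
    ("Information hygiene e-learning", 200, 250,  500),
    ("KPIs/early warning",             150, 300,  350),
    ("Expanded benefits package",     1000, 100, 1050),
]

def optimize(measures, budget, hours, min_effect=0):
    """Return (net_savings, [names]) of the best feasible set, or None."""
    n = len(measures)
    # Suffix sums for bounding: best-case extra net savings and extra effect.
    rest_net = [0] * (n + 1)
    rest_eff = [0] * (n + 1)
    for i in range(n - 1, -1, -1):
        _, c, _, d = measures[i]
        rest_net[i] = rest_net[i + 1] + max(d - c, 0)
        rest_eff[i] = rest_eff[i + 1] + d
    best = None

    def branch(i, cost, hrs, eff, net, chosen):
        nonlocal best
        if cost > budget or hrs > hours:
            return  # funding or man-hour limit violated
        if eff + rest_eff[i] < min_effect:
            return  # target cumulative effect no longer reachable
        if best is not None and net + rest_net[i] <= best[0]:
            return  # bound: this subtree cannot beat the incumbent
        if i == n:
            best = (net, list(chosen))
            return
        name, c, h, d = measures[i]
        chosen.append(name)
        branch(i + 1, cost + c, hrs + h, eff + d, net + d - c, chosen)  # x_i = 1
        chosen.pop()
        branch(i + 1, cost, hrs, eff, net, chosen)  # x_i = 0

    branch(0, 0, 0, 0, 0, [])
    return best

if __name__ == "__main__":
    print(optimize(MEASURES, budget=2000, hours=1200, min_effect=3000))
```

Re-running `optimize` with changed limits or figures is the recalculation the abstract refers to; a result of `None` means no set of measures meets the minimum effect within the resource limits.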