The analysis of digital footprints (DF) related to the cybersecurity (cyber risk) user behavior of university information and education systems (UIES) involves the study and evaluation of various aspects of activity in the systems. In particular, such analysis includes the study of typical patterns (patterns) of access to UIES, password usage, network activity, compliance with security policies, identification of anomalous behavior, and more. It is shown that user behavior in UIES is represented by sequences of actions and can be analyzed using the sequential analysis method. Such analysis will allow information security (IS) systems of UIES to efficiently process categorical data associated with sequential patterns of user actions. It is shown that analyzing sequential patterns of cyberthreatening user behavior will allow UIES IS systems to identify more complex threats that may be hidden in chains of actions, not just individual events. This will allow for more effective identification of potential threats and prevention of security incidents in the UIES.