PSI - Issue 22

Jerzy STANIK et al. / Procedia Structural Integrity 22 (2019) 322–333 "Author name" / Structural Integrity Procedia 00 (2019) 000 – 000

325

4

the estimation of negative consequences and after-effects, i.e. the quantitative prediction of losses and damages that the given event may bring. The risk is also defined in qualitative terms by means of the following expression: ℛ = { , ℋ , } =1 , ̅̅̅ ̅ (6) where: J - number of risky situations, – j-th risky situation of IT and its environment, ℋ - values of parameters and indicators describing j-th situation, - probability of occurrence of values and indicators describing the j-th situation. We assume the sequence of these four to be a risky model: = < , , , > where: AW - a set of acceptable action options, AW = {w i ∶ i = 1,2, … , m} S - a set of possible and likely states of affairs (IT hazard scenarios), S = {j ∶ j = 1,2, … , n} u − usability function defined as follows: u: AW × S → ℜ , u ( w i , s j ) = u ij ∈ R p - possibility or probability of occurrence of a risky situation whereby: = < 1 , 2 ,…,, >; = Pr( ) ≥ 0; ∑ = 1 =1 . The risk of engineering infrastructure can also be defined by means of a vector ⃗⃗⃗⃗⃗⃗ , the components of which represent the risk of losing individual features within the ∈ usefulness of the engineering infrastructure: ⃗⃗⃗⃗⃗⃗ = {R u IT } u∈ IT (7) where: IT – a set of features or properties describing the usefulness of IT , R u IT - coordinate of a vector ⃗⃗⃗⃗⃗⃗ that characterizes the risk of losing the u-th usefulness character . The vector definition of IT risk (7) is quite easy for practical use in relation to IT , because it does not require a priori knowledge of probability of the occurrence of a given hazard, and also enables:  quantitative or qualitative risk measurement in relation to each IT usefulness feature,  risk management both in relation to all IT as well as its essential elements,  development of own risk management strategy also in relation to the entire IT as well as to its essential elements. IT risk management is based on the ongoing keeping of an acceptable level of risk in relation to each IT usefulness through appropriate control of the current operational properties (potentials) of the following systems: basic IT systems, a system of hazards, safeguard system, system of vulnerability of basic systems as well as protections of the safeguard system. While controlling the current properties of IT usefulness, we are interested only in certain, a priori unknown moments of time in which decisions should be taken to control the potential of the hazard systems and the safeguard system. A schematic illustration of IT from the point of view of controlling the current features of IT usefulness and maintaining an acceptable level of risk in relation to its usefulness features is shown in Figure 1.