PSI - Issue 22

Jerzy STANIK et al. / Procedia Structural Integrity 22 (2019) 322–333 "Author name" / Structural Integrity Procedia 00 (2019) 000 – 000

327

6

Knowledge of current information on the current capabilities (current values of potentials) of individual systems: the hazard system, safeguard system, basic IT subsystems and vulnerability system is the basis for determining the value of risk and determining the strategy for dealing with it. 3. Engineering infrastructure risk model As a risk model of engineering infrastructure for the purpose of an ongoing keeping of an acceptable level of risk in relation to each IT usefulness characteristic, the below ordered pair was adopted: < {R u IT } u∈U IT , { } ∈ > (8) where: U IT – a set of characteristics, properties or parameters and variables describing the usefulness of IT . R u IT - coordinate of vector ⃗⃗⃗⃗⃗⃗ (7) characterizing the level of keeping the u-th property, − function of transforming the real potentials of the following systems: basic, hazard, safeguard and vulnerability in relation to the u-th IT usefulness feature expressed in the general formula of the following type: ∶ × Ω × Δ × → ℜ + , ∈ ; ( , , , ) = ∈ ℜ + (9) whereby: S uR – the real potential of basic systems in relation to the u-th IT usefulness feature, Ω uR - the real potential of the hazard system in relation to the u-th IT usefulness feature, Δ Ru – the real potential of basic systems in relation to the u-th IT usefulness feature, Q Ru - the real potential of the safeguard system in relation to the u-th IT usefulness feature, ℜ I +T - normalized numerical space. IT risk shaping process will be examined in a certain systemic convention, involving modeling of engineering infrastructure risk ⃗⃗⃗⃗⃗⃗ based on:  information on the state of IT systems reflecting their operational capabilities (potential of hazards, real capabilities of the safeguard system, real potential of values or losses of basic systems, potential of vulnerability system, etc.)  partial (component) risk levels R u IT in relation to each usefulness feature  current level of IT usefulness. as a certain IT risk management system (Figure 1). The purpose of the risk management system is to identify, measure, or assess and monitor the risk appearing in the IT operations in order to ensure the correctness of the process of determining and implementation of purposes carried out by IT . The Management System should also enable a retrospective assessment of the effectiveness and usefulness of the activities undertaken in relation to the basic IT elements/components, e.g. business processes, domain systems, support systems, technologies utilized, etc. In the following subchapters of this chapter, the methods of determining potentials for identified IT systems is described: basic IT systems, hazard system, safeguard system, vulnerability system. 3.1. Potential of the basic IT systems The potential of basic IT systems is expressed by the real value of losses (damages) incurred by IT as a result of the loss of essential features/properties in relation to basic systems or their components. To determine the potential of loss or damage to the IT elements (basic systems), the valuation of assets (resources) of these systems should be performed first. This, in turn, implies the need to identify basic and auxiliary assets (at an appropriate level of specificity). Basic resources are processes, business activities, services and information. Auxiliary resources (on which basic resources are based) are: hardware, software, telecommunications network, system users, personnel, headquarters, organizational structure and other elements.