PSI - Issue 22

330 Jerzy STANIK et al. / Procedia Structural Integrity 22 (2019) 322–333 "Author name" / Structural Integrity Procedia 00 (2019) 000 – 000 9 Should it not be possible to directly determine the real potential , it can be determined based on the knowledge of the hypothetical potential , using the below multiplicative formula: , ∶ Β × , → ℜ S i + ; m ∈ ZTO u IT ; u ∈ U IT , (18) where: Β - efficiency (effectiveness) factor of the m-th security mechanism in relation to the u-th usefulness feature, , - potential capabilities of the m-th security mechanism in relation to the u-th usefulness feature. If we can express all hypothetical partial potentials , in a certain normalized numerical space ℕ ∈ ℜ I +T , then the total hypothetical potential ( ) could be determined as a weighted additive function of partial potentials, that is: = ∑ , Z̿̿T̿̿̿O̿ uIT =1 , , ; u ∈ U IT ; m ∈ ZTO u IT ) → ℕ , (19) where: , – weighting factors of individual security mechanisms in relation to the b-th usefulness feature. Total real potential ( ) can be determined as a weighted additive function of partial potentials, i.e.: ∶ × → ℕ (20) where: – the function of the safeguard system's effectiveness in relation to the u-th usefulness feature. The potential of the safeguard subsystem represents the current safeguard capabilities of an engineering and organizational nature to combat the real hazards Ω , generated by the system of hazards as well as all the vulnerabilities detected by the vulnerability system in relation to the IT system or its basic systems. The actual capabilities of the safeguard subsystem have been determined in an analytical manner using a synthetic quality indicator, which is the real response potential. It can be calculated on the basis of various analytical formulas that require further analyzes in order to assess their suitability for the current needs and requirements of the IT environment. 3.4. Potential of the vulnerability system The potential of the vulnerability Δ subsystem can be determined by means of the general formula of the type: Δ = ( Δ , , ; u ∈ U IT ; p ∈ LP u IT ) → ℜ I +T (21) where: LP u IT - list of the detected vulnerabilities in the basic IT systems or in the safeguards in relation to the u-th usefulness feature, Δ , - real potential of weakness (vulnerability) in basic IT systems and in real safeguards from the point of view of the p-th susceptibility in relation to the u-th usefulness feature. Should it not be possible to directly determine the real potential , it can be determined based on the knowledge of the hypothetical potential , using the below multiplicative formula: Δ , ∶ × Δ , → ℜ I +T ; (22) where: – function of transformation of potential vulnerabilities into real ones in relation to the u-th usefulness feature, Δ , - hypothetical potential of weakness (vulnerability) in basic IT systems and in real safeguards from the point of view of the p-th susceptibility in relation to the u-th usefulness feature. If we could express all of the hypothetical potentials Δ , in a certain normalized numerical space ℕ ∈ ℜ I +T , then the total hypothetical potential ( Δ , ) in relation to the u ∈ U IT feature can be determined as a weighted additive function of partial potentials, that is: Δ = ∑ , ̿L̿̿P̿ uIT =1 Δ , , ; u ∈ U IT ; p ∈ LP b S i ) → ℕ , (23)