PSI - Issue 22

Jerzy STANIK et al. / Procedia Structural Integrity 22 (2019) 334–344 "Author name" / Structural Integrity Procedia 00 (2019) 000 – 000

339

6

1) emergence of new and/or not yet identified hazards, vulnerabilities, having a significant impact on the level of IT risk, 2) identifying new reliability or security gaps, having a significant impact on IT risk level, 3) occurrence of disruption and inutility of the currently implemented engineering resources and security mechanisms that prevent the required level of reliability and security, 4) IT has been modified. The occurrence of the event specified in points 1,2,3 or 4, or 1 and 2 and 3 and 4 or any combination thereof, called “loss of the required level of reliability or IT security”, is detected by the SAKZ and SAKB subsystems and immediately signalized to the control subsystem. The purpose of the control subsystem is to correct the difference between the desired usefulness level and its current usefulness level. If this deviation is not rectified by the control subsystem, IT will not reach the specified target. The IT risk should be examined in a dynamic aspect, taking the time factor into consideration, because only then can we realistically estimate current hazards and prepare appropriate measures adequate for the state of these threats, e.g. appropriate functional or security configurations. On the basis of praxeological IT, which also takes into account the time factor, the status of partial IT risk can be defined using the following expression: ( ) = { ( ), ( ), ( )} (8) where: ( ) – IT risk situation at the moment ( ) , ( ) - values of parameters and indicators describing the risky situation at the moment ( ) , ( ) – usefulness function defined as follows: ( ): < ( ), ( ) > ⟶ Due to significant difficulties of testing dynamic IT risk shaping taking into account the time factor, in further considerations, the time variable ( t ) will be replaced with generalized IT usefulness states (Sienkiewicz 2013): : ∈ → ( ) ≡ { } ∈ ̂ (9) where: – function of transformation of potential situations into real situations, – collection of potential IT situations, ( ) - dynamic collection of IT situations and its environment, ̂ – set of permissible IT states. We assume an orderly four as a risky SR model: =< , , , > (10) where: - a set of acceptable action options, = { ∶ = 1,2, … , } (11) - a set of possible and likely states of affairs (scenarios), = { ∶ = 1,2, … , } (12) − usability function defined as follows: : × → ℜ ; ( , ) = ∈ (13) - possibility or probability of occurrence of a risky situation whereby: