PSI - Issue 22

340 Jerzy STANIK et al. / Procedia Structural Integrity 22 (2019) 334–344 "Author name" / Structural Integrity Procedia 00 (2019) 000 – 000 = < 1 , 2 ,…,, >; = Pr( ) ≥ 0; ∑ = 1 =1 . (14) Given the IT reliability aspect, let's introduce the concept of IT emergency situation. The element = < × ̌ × ̂ > ∈ determines the type of IT emergency situation. We assume that value of the function is specified for each type of failure Φ ( ) = . The space of possible “emergency” IT situations creates a Cartesian product : = 2 ̂ × 2 ̌ × 2 ̂ . (15) where: ̂ - a set of features or properties distinguished from the set U, that determine the current IT usefulness or its core elements, in relation to reliability as well as security, ̌ - a set of engineering and human resources, distinguished from the set ZTO, due to certain types of reliability, ̂ - a set of engineering or organizational safeguards, highlighted from the set MB , due to certain security functions. It is assumed that the IT class under consideration is equipped with an automatic functional fitness control subsystem and a software control and diagnostic unit that detects all types of emergency situations. To unequivocally determine the existing IT situation, through the built-in identification system using the following identification functions: a) a collection of efficient engineering resources, based on which it is possible to set an acceptable set of functional configurations : ⟶ 2 , ( ) = ̌ (16) b) a collection of efficient security mechanisms, based on which it is possible to establish an acceptable set of functional configurations : ⟶ 2 , ( ) = ̂ (17) c) set of IT usefulness features : ⟶ 2 , ( ) = ̂ (18) In addition, it is assumed that for each type of emergency situation ∈ of the number sets ̌ , ̂ , ̂ are finite and determined at the stage of defining or establishing IT. 4. Functional configuration and security configuration In order to enable compensation for the loss of an acceptable level of risk, it is necessary to specify at the stage of IT design a set of acceptable control decisions, hereinafter referred to as directives, by means of which the members of the risk management team can determine such current properties of acceptable functional configuration or security configuration that will allow to achieve the desired levels of IT security and reliability, and thus an acceptable level of risk. Depending on the level of abstraction with which we look at IT, we can distinguish and describe various types of functional configurations or security configurations. For example, assuming as a criterion for the division of a layered IT concept one can distinguish: resource configuration, task configuration, process configuration, system configuration. In the remainder of this work, we will only use the term: object-oriented functional configuration, object-oriented security configuration or short-term functional configuration, security configuration. 4.1. Functional configuration model Functional configuration is understood as a suitably designed and implemented subset of IT (human or engineering) resource subset and relationships between them with strictly defined reliability properties necessary to perform a specific task (function) from a set ZZ IT in a specific IT environment. Let's introduce the following notation of any security configuration = < ℤ , ℤ , ℋ > (19) where: 7