PSI - Issue 22
342 Jerzy STANIK et al. / Procedia Structural Integrity 22 (2019) 334–344

 - a set of security configuration numbers.

The set of acceptable functional configurations after the occurrence of an emergency situation of number ∈ is determined based on knowledge: ℳℬ – a set of safeguards of engineering or organizational character and a set of potential security functions (e.g.: detection, deterrence, prevention, limitation, correction, reconstruction, monitoring, awareness, etc.), that are to be performed by these safeguards, ℬ - set of security attributes to be preserved for resources from the set , according to the following principle:

= { { = < , ℬ , ℳℬ , > ∈ 2 × 2 × 2 × 2 }, ⋁ (ℳℬ ⊇ ℬ ) ∈ , ℎ (23)

where: - sets of IT resources subject to protection, – a set of potential security attributes, - a set of potential engineering and organizational safeguards - a set of potential safeguard vulnerabilities, ℬ - a set of real safeguards of engineering and organizational nature.

The above shall mean that the set of acceptable functional configurations after the occurrence of an emergency situation includes all functional configurations, constructed for various IT resource variants remaining after the failure, ensuring the completion of the required set of IT tasks. The capabilities (potentials) of functional configurations have a significant impact on maintaining the required level of functional reliability, and this in turn affects the value of residual IT risk.

5. The reconfiguration mechanism

In order to create the possibility of compensating for the loss of an acceptable level of risk, it is necessary to specify at the IT design stage a set of acceptable control decisions, hereinafter referred to as directives, which persons from the risk management team can use to determine such current functional or safety configuration properties, which will enable or ensure the achievement of the required IT risk level.
For the purpose of control and maintenance of an acceptable level of IT risk, the model of the reconfiguration mechanism has been defined as follows:

= < , , , ℱ , ℱ , ℛ , Q , Q > , (24)

where: - model of IT reconfiguration mechanism, – a collection of numbers of emergency type situations identified at the stage of analyzing the effects they cause in relation to reliability and functional security, − the family of acceptable functional configurations, − the family of acceptable security configurations, ℛ - risk function, ℱ – general reconfiguration function in relation to functional configurations, ℱ – general reconfiguration function in relation to security configuration, Q , Q - detailed reconfiguration functions.

The families of functional and security configurations have the following forms:

= { , = 1, ̅̅̅̅ ̅ } ; = { , = 1, ̅̅̅̅ ̅ } (25)

where - is the number of emphasized types of emergency situations.