PSI - Issue 22

Jerzy STANIK et al. / Procedia Structural Integrity 22 (2019) 322–333 "Author name" / Structural Integrity Procedia 00 (2019) 000 – 000

332

11

Form of standardization function { 1, ℎ

= 1 2, ℎ = 2 3, ℎ

1, ℎ = 3 3, ℎ = 2 5, ℎ

100% ) ; − √ 2 3 ;

= 1 1 + ∗ ( 1 −

= 3 {

Source: own study The function values ( ) may be interpreted in the following way: 1 - acceptable risk, 2 - tolerable risk, 3 - intolerable risk. The forms of normalization function from belonging to the family should be defined in such a way as to transfer their values onto the range [1, ..., N], and to maintain the correct proportions of their impact on the risk of spatial data processing. If we assume that the components R have been scaled within a certain standardized space, for example in the range of [1, N], then the total IT risk in relation to the individual usefulness features can be expressed, e.g. using the risk maps/matrices, risk fields, risk curve, etc. (Protasowicki, Stanik, 2016)). Risk evaluation, as the final step in the risk assessment, involves a comparison of the level of risk identified in the analysis process with the criteria adopted. This comparison requires high accuracy and reliability. It is assessed whether the expected risk is within the limits of acceptance or tolerance, or if it is outside these limits. Acceptable risk does not require special attention (daily activities), and risk within tolerance limits should already strengthen vigilance and initiate activities aimed at its monitoring, control and mechanisms to reduce it. Tolerance in matters of risk is not an acceptance of the existing state of affairs and requires a reaction. Risk evaluation is an activity consisting in comparing the result of risk analysis with the adopted criteria in order to qualify the risk to the appropriate category (level of acceptable, tolerable, intolerable risk (Fig. 2.). Risk evaluation is a summary of previous activities (identification and analysis) and an indication of which risks or groups of risks should be dealt with further, and which ones only require the previous control measures.

Information security

Quality

3

2

Functional safety

Complexity

1

The risk field for IT

1

2

3

Reliability

Functionality

Risk tolerated

The risk is not tolerated

Innovation

Continuity of action

Acceptable risk

Fig. 2. Illustration of the IT risk radar graph – example. Source: Own study.

Summary The risk model of an engineering infrastructure presented in this article is characterized by high complexity resulting from the use of a mathematical apparatus. This fact is caused by considering many factors related both to the usefulness of the IT and its operating environment, affecting its proper operation and maintaining an acceptable level of risk with regard to the IT usefulness features.