3.3.2 Formation of threats models with to take into consideration of rational distribution of threats implementation means on system elements

       For an estimation of the information security in IT system it is necessary to consider various modes of operations, script of use and various variants of system construction. At various use of various variants of system construction, the models of threats also will be various. It is clear, that in such cases of the characteristic of elements of system can change, the purposes of system, its topology, connections between elements and even architecture of system also can change. Thus the rational assignment of threats implementation means available at the threats agent on elements of system will vary. In the previous item 3.3.1 we considered rational distribution of means at the given mode of system operations. It is possible to tell, that for this case, such rational distribution and will be model of threats. However threats model can be formed for various combinations of the given modes of operations, scripts of use and variants of system construction. As we form models of threats on rational algorithm, we can speak about a degree of the importance for the given application of system of that or other threat. Thus, in a structure of protection for the given system we have an opportunity to take into account valuable for system of threat and to prove them. Thus also we have opportunity to prove sufficiency of expenses of the threats agent for drawing the maximal damage to system. In turn it gives us an opportunity in structures of protection for systems to speak about a maximum level of threats and in general about levels of threats for some classes of systems. According to submitted in subsection 5.3 “The risk assessment” by estimated levels and having calculated value of function (3.3.1.1), after rational distribution of means, it is possible to determine an opportunity of processing in system of the information with the given level of its importance A(t_d). If at the given level of threats we have defined, that the information with the given level of importance cannot be processed, showing to system additional restrictions, assumption, requirement and including requirement for realization in system of various formal models of protection of the information, we can achieve an opportunity of processing in system of the information with the given level of its importance A(t_d). To trace that level, when the given information can be processed in system, we should every time at entering a set of the additional requirements to expect achievement of the given level on algorithm submitted in a general view in the given item of work. In more detail this algorithm will be submitted in the following subsection 3.4. 

3.3.2.1 Algoritm of rational distribution of threats implementation means on system elements in dynamics of its functioning