The Leveraging of Safety and Information Security Engineering Principles: Establishing an Effective Level of Integrated Risk Management

摘要

In the overall goal of building safe, secure, and efficient systems, aligning safety and information security principles within a system engineering methodology can aid in achieving an effective system solution. The foundation of which lies in managing safety and information security risk associated with the system throughout its lifecycle. Integrated safety and information security risk management revolves around four primary activities. Hazard identification aids in capturing system hazards and vulnerabilities. The next activity involves assessing the hazard effect or impact and prioritizing risk into appropriate levels to be managed. Prioritizing risk aids in evaluating and balancing candidate system safety and information security requirements. Finally, balanced requirements are incorporated into the system specification for system design and implementation. Integrating system safety and information security into the system development lifecycle is advantageous for the following reasons. First, system development goals can more effectively be achieved when system safety and information security issues are resolved and risk mitigation requirements are implemented during the design. Second, it is less expensive and obtrusive to integrate risk mitigation requirements in the design than to force them at the end. By leveraging the engineering principles, the foundation of managing safety and security risk can effectively pursue adequate levels of safety and security.