Abstract

Information security for safety-related systems has become a real issue, in any case since attacks on industrial control systems have been reported. So, there is the task to consider information technology (IT) security issues for safety-related systems. For safety-related systems, there are many probabilistic approaches to computing a residual risk or tolerable risk. This is done for almost all areas of systems. The common concept of these standards is: there exists a certain probability that these systems will have a dangerous failure over a certain mission time (or a dangerous failure rate at a given point of time). Dangerous failures can be systematic or random. The probability for random failures can be computed and for systematic failures, there exist commonly agreed counter measures. When it comes to risk analysis, many concepts from safety and IT security seem very similar; only the wording seems different. What’s called a hazard in safety is called a threat in IT security, but the risk analysis processes really look alike. We show why the concept of probability cannot be applied to IT security. The key to solve the problem is to treat IT security in the same way as systematic failures in the safety domain. We have argued that there are similar problems in the application of probabilistic concepts and we could try to transfer the concept. This would mean to introduce levels for IT security similar to the Safety Integrity Levels (SIL).

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
A formal qualitative risk management approach for IT security
Bessy Mahopo ... Mathias Mujinga
-
Bessy Mahopo, et. al.Bessy Mahopo ... Mathias Mujinga
01 Aug 2015
Which IT Security Investments Will Pay Off for Suppliers? Using the Kano Model to Determine Customers' Willingness to Pay
Rabea Sonnenschein ... Peter Buxmann
-
Rabea Sonnenschein, et. al.Rabea Sonnenschein ... Peter Buxmann
01 Jan 2015
Information Technology (IT) Security in Small and Medium Enterprises (SMEs)
Michael W Kimwele
-
Michael W KimweleMichael W Kimwele
04 Oct 2013
Digital Transformation and IT Security Issues - Analyzing Organizational Decision-Making Processes through a Behavioral Lens
Publications of Darmstadt Technical University, Institute for Business Studies (BWL) | VOL. -
01 Jan 2020
View more papers

More From: Safety and Reliability

Paper Title
Journal
Date
Author
Prediction of water–main failures and management of the associated risks using integrated predictive analytics approach
A Delnaz ... S S Li
Safety and Reliability | VOL. ahead-of-print
A Delnaz, et. al.A Delnaz ... S S Li
26 Jul 2024
An integrated Petri net-pseudo bond graph model for nuclear hazard assessment
Mark James Wootton ... Vipul Garg
Safety and Reliability | VOL. ahead-of-print
Mark James Wootton, et. al.Mark James Wootton ... Vipul Garg
26 Jul 2024
Identifying drivers’ perception-reaction time (PRT) in car-following processes via two different methods using vehicle trajectory data
Gaoming Wu ... Dan Wu
Safety and Reliability | VOL. ahead-of-print
Gaoming Wu, et. al.Gaoming Wu ... Dan Wu
01 Jul 2024
Mapping to IEC 61508 software developed to ISO 26262
Peter Okoh ... Thor Myklebust
Safety and Reliability | VOL. ahead-of-print
Peter Okoh, et. al.Peter Okoh ... Thor Myklebust
14 Jun 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.