A secure system needs to cope with evolving threats and changes to the environment through design and architectural measures as well as operational ones.
Safety cases must therefore address security concerns as well as safety concerns, as security is a fundamental factor in system safety. Adelard have been developing and deploying an approach to security-informed safety based on a risk assessment methodology and the use of structured safety cases based on claims, arguments, evidence (CAE). We have been working closely with industrial partners on applications from the rail, aviation and nuclear domains. We also work closely with penetration testing specialists to shape their testing approach and to support the overall threat and risk analyses we perform.
Our aim is to establish a principled approach to security-informed safety by pursuing the following strategy:
- Develop guidance on concepts and terminology to support dialogue between the safety and security communities.
- Research the applicability of security principles to safety and the associated trade-offs and conflicts.
- Develop credible arguments that safety and security risks have been reduced to as low as reasonably practicable.
- Develop a Claims, Arguments, Evidence based methodology that can be used to support the development of security-informed safety cases, and provide tool support within our product ASCE.
- Engage with the standards process in order to support the development of coherent, sound and practicable standards.
Additional insight can be found on the Security-Informed Safety page.
We also offer a course on security awareness for safety engineers; details can be found on the Security-Informed Safety training page.
For more information, please contact us.