Article | REF: SE2500 V4

Information security and safety for risk management – Application to Information System

Author: Frédérique VALLÉE

Publication date: February 10, 2024


Overview

ABSTRACT

This article deals with the notion of safety and security as understood for software.

After an introduction that presents the risks involved in programmed systems, it explains the need to distinguish between the fields of information systems and scientific and technical software.

The article is then devoted to the challenges and objectives of cybersecurity and presents recent feedback on the subject. It addresses risk avoidance methods based on intrusive testing, risk analysis or management of the software development process. The main risk mitigation solutions are also presented.

The article concludes by reviewing the normative and certification aspects related to the security of information technology.

AUTHOR

  • Frédérique VALLÉE: Agrégée in mathematics – Doctorate in statistics - Expert in programmed system dependability and consultant

INTRODUCTION

The safety of a system corresponds to the non-occurrence of events that could diminish or damage the integrity of the system and its environment, throughout the duration of the system's activity, whether successful, degraded or failed. Security covers both random (danger) and deliberate (threat) events.

Nowadays, virtually all sectors of activity, whether industrial or service, require systems with a high level of safety. These systems, particularly autonomous systems, which are increasingly entrusted with tasks for which humans are no longer in the loop, are highly constrained. They have to be developed at the lowest possible cost, are often at the frontiers of technological knowledge, and come with little feedback from experience. Meeting these sometimes contradictory requirements calls not only for specific tools, but also for the rigorous implementation of an organization adapted to the objectives sought.

Nowadays, software plays a key role in embedded systems and in so-called control systems: it's software that starts or brakes cars, it's software that regulates the distribution of electricity on the national grid, it's software that dispatches telephone calls, and it's software that controls automated manufacturing in factories. It drives drones, and there are plans to entrust it with the driving of autonomous vehicles in the near future.

Since the advent of office automation, software has also been at the heart of the information system that no company can do without. This system enables companies to manage customers, purchasing, production, accounting, personnel, and so on in a harmonized way. In recent years, the need for widespread teleworking has further accentuated and complicated this relationship of dependence between the company and its information system.

Whether their main function is administrative or technical, programmed systems can, if they malfunction or are inadequately protected, cause human, material or economic disasters of varying scale. As computer technology is quite different from other technologies, it soon became clear that specific techniques were needed to manage the risks associated with these systems.

This article presents IT risks in general, then reviews the differences to be taken into account when managing the security of information systems and that of scientific and technical systems. It then looks more specifically at the techniques used for information systems, with aspects relating to scientific and technical systems covered in a second article.


This article is included in

Industry of the future
