Overview
Français
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
Frédérique VALLÉE: Associate Professor of Mathematics - Doctor of Statistics - Expert in dependability of programmed systems - Associate Director of All4tec, Massy, France
INTRODUCTION
The safety of a system corresponds to the non-occurrence of events that could diminish or damage the integrity of the system and its environment, throughout the duration of the system's activity, whether successful, degraded or failed. Security covers both random (danger) and deliberate (threat) events.
For more than a quarter of a century, virtually all sectors of activity, both industrial and service, have had to rely on high-level safety systems. These systems, which also have to be developed at the lowest possible cost, are often at the frontiers of technological knowledge and have little feedback from experience. Achieving these two sometimes contradictory goals requires not only the use of specific tools, but also the rigorous implementation of an organization adapted to the objectives sought.
At the same time, software has gradually taken on a dominant role in on-board systems and in so-called control-command systems: it's software that starts or brakes cars, it's software that regulates electricity distribution in the national grid, it's software that dispatches calls in large telephone exchanges, and it's software that controls automated manufacturing in factories. There are even plans to entrust it with the entire operation of autonomous vehicles.
Since the advent of office automation, software has also been at the heart of the information system that no company can do without today. Today, this system enables companies to harmoniously manage customers, purchasing, production, accounting, personnel, and so on. In recent years, the spread of the Internet has further accentuated and complicated this relationship of dependence between the company and its information system.
Whether their main function is administrative or technical, programmed systems can, if they malfunction or are inadequately protected, cause human, material or economic disasters of varying scale.
As computer technology is quite different from other technologies, it soon became clear that specific techniques were needed to manage the risks associated with these systems.
In particular, this article distinguishes between the issues and methods used for information systems and for scientific and technical programmed systems. It then focuses on the techniques used for information systems, while aspects relating to scientific and technical programmed systems are covered in another article
The Ultimate Scientific and Technical Reference
EDITIONS
Other editions of this article are available:
This article is included in
Safety and risk management
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
IT security for risk management
IT risks
Bibliography
Bibliography
Websites
Federation of Professional Intrusive Testers (FPTI) http://www.fpti.pro/
French Information Systems Security Club (CLUSIF) http://www.clusif.asso.fr
Standards and norms
- Risk management – Vocabulary – Guidelines for use in standards - ISO 73 Guide ISO 73 - 12-09
- Information Technology – Safety technology – Information security management systems –Requirements - ISO CEI 27001 - 10-13
- Information Technology – Safety technology – Code of practice for information security management - ISO CEI 27002 - 09-13
- Information Technology – Safety technology – Guidelines for...
The Ultimate Scientific and Technical Reference
