Article | REF: SE2500 V3

IT security for risk management - Application to information systems

Author: Frédérique VALLÉE

Publication date: April 10, 2016

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


Overview

Français

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Frédérique VALLÉE: Associate Professor of Mathematics - Doctor of Statistics - Expert in dependability of programmed systems - Associate Director of All4tec, Massy, France

 INTRODUCTION

The safety of a system corresponds to the non-occurrence of events that could diminish or damage the integrity of the system and its environment, throughout the duration of the system's activity, whether successful, degraded or failed. Security covers both random (danger) and deliberate (threat) events.

For more than a quarter of a century, virtually all sectors of activity, both industrial and service, have had to rely on high-level safety systems. These systems, which also have to be developed at the lowest possible cost, are often at the frontiers of technological knowledge and have little feedback from experience. Achieving these two sometimes contradictory goals requires not only the use of specific tools, but also the rigorous implementation of an organization adapted to the objectives sought.

At the same time, software has gradually taken on a dominant role in on-board systems and in so-called control-command systems: it's software that starts or brakes cars, it's software that regulates electricity distribution in the national grid, it's software that dispatches calls in large telephone exchanges, and it's software that controls automated manufacturing in factories. There are even plans to entrust it with the entire operation of autonomous vehicles.

Since the advent of office automation, software has also been at the heart of the information system that no company can do without today. Today, this system enables companies to harmoniously manage customers, purchasing, production, accounting, personnel, and so on. In recent years, the spread of the Internet has further accentuated and complicated this relationship of dependence between the company and its information system.

Whether their main function is administrative or technical, programmed systems can, if they malfunction or are inadequately protected, cause human, material or economic disasters of varying scale.

As computer technology is quite different from other technologies, it soon became clear that specific techniques were needed to manage the risks associated with these systems.

In particular, this article distinguishes between the issues and methods used for information systems and for scientific and technical programmed systems. It then focuses on the techniques used for information systems, while aspects relating to scientific and technical programmed systems are covered in another article [SE 2 501]...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors
+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year
From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
IT security for risk management