Author :
Shirtz, Dov ; Bluvband, Zigmund ; Elovici, Yuval ; Shoval, Peretz
Abstract :
Safety, security and reliability (SSR) of complex systems are the three interacting and most important risk-related factors. In many failure events, the security function takes charge and manages the event and its resolution. But does the security function consistently apply the optimal failure resolution methods? This paper proposes that several organizational functions, including information security (IS), should analyze, manage, and resolve each failure case in a coordinated effort, based on failure classification and prioritization, and then apply appropriate corrective actions (CA). Such coordination may result in applying a CA that is sub-optimal by security standards, yet optimal from the organization's perspective. An innovative composite methodology for identifying, prioritizing and selecting failures and incidents for appropriate treatment is suggested. The methodology is based on organizational priorities and knowledge, and considers the results of analyses of end effects (EE), solutions and CAs.
Keywords :
decision making; failure analysis; reliability; safety; Computer systems; corrective actions; decision making; end effects; failure event; failure events; information SSR; information security; organizational functions; reliability; risk related factors; safety; security; Cause effect analysis; Computer security; Decision making; Failure analysis; Information analysis; Information security; Logistics; Software debugging; Software safety; Throughput;