Journal of Network and Information Security

Open Access Open Access  Restricted Access Subscription Access
Open Access Open Access Open Access  Restricted Access Restricted Access Subscription Access

Combining Security and Safety Risk Management in Critical Infrastructure


Affiliations
1 De Montfort University, Leicester, England, United Kingdom
     

   Subscribe/Renew Journal


Within the critical infrastructure sector, risk management for safety and security are often treated as disjoint processes. Separating these processes creates duplication of effort when safety and security concerns align, and it will obscure the situations where a trade-off between safety and security needs to be resolved. This paper proposes a risk management process that enables an organisation to carry out safety and security risk assessment within one combined process. The results show that this is possible, but changes need to be made within the organisation and the process for it to be successful. Some examples of the changes are around terminology used, culture and how threats and hazards are assessed. The combining of the risk management process for safety and security can also support compliance to safety and security standards. Often organisations will need to comply with both standards and can leverage the combined risk management process to allow compliance without creating two separate risk management processes.

Keywords

Critical infrastructure, Risk Management, Safety, Security, Standards.
Subscription Login to verify subscription
User
Notifications
Font Size



  • Combining Security and Safety Risk Management in Critical Infrastructure

Abstract Views: 430  |  PDF Views: 0

Authors

Robert Kemp
De Montfort University, Leicester, England, United Kingdom
Richard Smith
De Montfort University, Leicester, England, United Kingdom

Abstract


Within the critical infrastructure sector, risk management for safety and security are often treated as disjoint processes. Separating these processes creates duplication of effort when safety and security concerns align, and it will obscure the situations where a trade-off between safety and security needs to be resolved. This paper proposes a risk management process that enables an organisation to carry out safety and security risk assessment within one combined process. The results show that this is possible, but changes need to be made within the organisation and the process for it to be successful. Some examples of the changes are around terminology used, culture and how threats and hazards are assessed. The combining of the risk management process for safety and security can also support compliance to safety and security standards. Often organisations will need to comply with both standards and can leverage the combined risk management process to allow compliance without creating two separate risk management processes.

Keywords


Critical infrastructure, Risk Management, Safety, Security, Standards.

References