Society depends on highly connected and complex sociotechnical systems. Threats to these systems have been increasing, and their growing connectivity exposes them to more frequent and more varied attacks. It also makes the consequences of failure and the interdependencies between systems more complex.
Security and safety are therefore closely interconnected and interdependent. A safety justification, or safety case, is incomplete and unconvincing without a consideration of the impact of security.
In other words: “If it's not secure, it's not safe”.
The suite of guidance documents below covers extensive information on the approach to security-informed safety assurance and the Claims, Arguments and Evidence (CAE) methodology.
The Introduction to guidance document explains the significance of security-informed safety and gives an overview of the suite of guidance resources.
This guidance can be divided into three layers:
- detailed generic guidance on security-informed safety – the overall approach
- practical illustrative example-based guidance
- a set of generic guides on assurance case concepts and their application that provide the basis for the other guides
Documents in the suite (all dated 15-11-2022):
- Rail Code of Practice for Security Informed Safety
- Security Informed Safety introduction to guidance
- Combined approach to developing security informed safety assurance
- Worked example requirements and policies assurance case
- Worked example architecture and implementation assurance case
- CAE Risk Assessment Process
- CAE one page mini guide
- CAE Concepts
- CAE Blocks and Connection Rules
- CAE Review and Challenge
- CAE Security Informed Hazard & Operability study (Hazop)