Information Safety

Improving technology through lessons from safety.

2016 STAMP/STPA Call for Participation open

Beginning in 2012, MIT has held an annual STAMP (Systems-Theoretic Accident Model and Processes) / STPA (STAMP-Based Process Analysis) workshop to discuss systems safety engineering practices developed by Nancy Leveson detailed in her book, “Engineering a Safer World.” Interestingly, information security practitioners have participated in 3 of the past 4 workshops, beginning in 2012. STPA-Sec, developed by Nancy Leveson and Bill Young, extends STPA to security, and was originally presented in the 2014 STAMP/STPA workshop.

The Call for Participation for the 2016 STAMP workshop is open! Details are available on the PSAS (Partnership for a Systems Approach to Safety) website, the due date is December 10. The workshop itself will be held at MIT March 21-24, with no registration fee. I missed the 2015 workshop but hope to attend in 2016; I’m interested in learning more about STPA-Sec, which seems to be a promising alternative to existing infosec threat modeling approaches.

comment

Information Safety Launch

Three years in the making, information-safety.org is finally launching. As I have studied and learned more about safety, I’ve become increasingly convinced that the Information Security world can benefit from safety risk management methods. I’ve started this site to both share what I’m learning and to invite others to join in the search.

We’re hosted on GitHub, to encourage collaboration and continuous development. You can currently read more about information safety, peruse a collection of resources on safety risk management, contribute directly to the website, or join the LinkedIn group.

comment