Claudius LinkMay 3, 2024

Through the upcoming #PapersInSystems discussion I discovered Nancy G. Leveson and her work on #SafetyEngineering and software safety through a systemic perspective

It is fascinating and feels very applicable to #cybersecurity

In their approach STAMP
(System-Theoretic Accident Model and Processes) safety is treated as a dynamic control problem rather than a failure prevention problem and especially takes emergent properties into account. (Emergent properties, are properties that are not in the summation of the individual components but "emerge” when the components interact)

There are a lot of touchpoints with security #ThreatModelling

Therfore cc @adamshostack
Maybe the event is interesting for you?

Discussion session: How to Perform Hazard Analysis on a "System-of-Systems" by Nancy Leveson
Monday, May 6th, 2024, 1 PM - 2 PM Eastern Time (US/Canada).

See @RuthMalan post https://mastodon.social/@RuthMalan/112248634077392391

Show threadAdam Shostack  May 3, 2024
@realn2s @RuthMalan her work on systems is very applicable to cyber - I assign a chapter of her Safer World book in my UW course. And I think that the work to adopt STAMP + family to cyber hasn't been as concrete.
Show threadAdam Shostack  
@realn2s @RuthMalan Specifically this puts so much in context https://systemsthinkinglab.wordpress.com/stamp/
Hierarchical Safety Control Structure Diagram

In this approach, a system is viewed as hierarchical structures where each level imposes constraints on the activities of the level beneath them and accidents are viewed as the consequence of inade…

May 3, 2024 at 1:50pmWeb