Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications
Sabarathinam Chockalingam, Dina Hadziosmanovic, Wolter Pieters, Andre Teixeira, Pieter van Gelder

TL;DR
This paper systematically reviews integrated safety and security risk assessment methods, identifying key characteristics, applications, and the distinction between sequential and non-sequential approaches to improve future risk management.
Contribution
It provides a comprehensive overview and analysis of seven key methods, highlighting their characteristics and the importance of integration order.
Findings
Seven integrated risk assessment methods identified
Distinction between sequential and non-sequential integration
Framework for future development of assessment methods
Abstract
Over the last years, we have seen several security incidents that compromised system safety, of which some caused physical harm to people. Meanwhile, various risk assessment methods have been developed that integrate safety and security, and these could help to address the corresponding threats by implementing suitable risk treatment plans. However, an overarching overview of these methods, systematizing the characteristics of such methods, is missing. In this paper, we conduct a systematic literature review, and identify 7 integrated safety and security risk assessment methods. We analyze these methods based on 5 different criteria, and identify key characteristics and applications. A key outcome is the distinction between sequential and non-sequential integration of safety and security, related to the order in which safety and security risks are assessed. This study provides a basis…
Taxonomy
Topics: Risk and Safety Analysis · Software Reliability and Analysis Research · Information and Cyber Security
