Computer systems & information SSR: a unified approach for decision making

Safety, Security and Reliability (SSR) of complex systems are the three interacting and most important risk related factors. In many cases of failure events, the Security function assumes charge, and manages the failure event and its resolution. But does the Security function consistently apply the optimal failure resolution methods? This paper proposes that several organizational functions, including Information Security (IS), should analyze, manage, and resolve each failure case in a coordinated effort, based on the failure classification and prioritization, and then apply appropriate Corrective Actions (CA). Such coordination may result in applying a CA that is sub-optimal by Security standards, yet optimal from the organization's perspective. An innovative composite methodology for identifying, prioritizing and selecting failures and incidents for appropriate treatment is suggested. The methodology is based on organizational priorities, knowledge and considers the analyses results of End Effects (EE), solutions and CAs.