Computing Reviews
Handbook of system safety and security : cyber risk and risk management, cyber security, threat analysis, functional safety, software systems, and cyber physical systems
Griffor E., Syngress Publishing, Cambridge, MA, 2016. 300 pp. Type: Book (978-0-128037-73-7)
Date Reviewed: Jan 26 2018

This book is broken down into three parts and 12 chapters; each chapter is authored by domain experts. The first chapter is an introduction to the book, authored by the book's editor, and provides the motivation for examining system safety and security through a fairly general handbook. There is a need to examine system design with a view to providing safety and security with respect to technology, business, and government. The book primarily focuses on cyber-physical systems (CPS), a class of systems that overlaps heavily with what is more commonly called the Internet of Things (IoT). Each chapter focuses on one specific topic and is typically between 15 and 35 pages in length. Even though each chapter is self-contained and written in the style of an academic paper, the book maintains a strong sense of consistency: the flow between chapters is seamless and the material is delivered in a logical manner.

The handbook is not aimed at complete novices. Rather, it is most appropriate for those with some awareness of the field and a desire to expand or consolidate their understanding. Some chapters provide guidance supported by clear diagrams to help the reader, while others rely on a solid mathematical foundation.

Part 1 of the handbook deals with systems in general. Chapter 2 looks at the composition and integration of CPS. It examines a use case for semantic integration and makes the case for using a formal modeling tool to safely and securely integrate all the components in a system. This complements chapter 3, which focuses on software engineering using model-based deployment within safety-critical domains. These models are often produced by domain experts with little or no software engineering knowledge, and the embedded code is generated from the models.

Part 2 provides perspectives on safety and security. Chapter 4 examines the topic of system security and how it is fundamentally different from other design concerns such as safety and resilience: as a result of "an ever-changing operating environment, security faces an ever-evolving adversary." Despite these challenges, systems are expected to continue to function as expected. The chapter introduces new ways of modeling security adversaries. Chapter 5 looks at the business of safety and the management of the risks associated with ever more complex systems such as autonomous vehicles. This leads to chapter 6, which looks at how to turn "cybersecurity policies and implementation ... into a commercial advantage" rather than thinking of it "as an additional [expense] that cannot be passed on to [the] customer and that therefore [is] not recoverable." Chapter 7 focuses on reasoning about safety and security, and offers a framework for developing a safety case even in the absence of standards. The patterns of reasoning found in ISO 26262, the automotive functional safety standard, offer hope in other domains. Finally, chapter 8 examines risk management and risk engineering. "Conventional approaches to the design, implementation, and validation of [information and communications technology (ICT)] systems deal with one ... or two system concerns at a time." However, crosscutting concerns such as safety and security require techniques that effectively deal with multiple interdependencies. The chapter focuses on key challenges and issues, and builds a case for a risk ontology, risk modeling, and a risk language.

Part 3 examines the application of system safety and security. Chapter 9 examines a design methodology for the development of "resilient cloud services ... based on redundancy, diversity, shuffling, and autonomic management." Chapter 10 looks at cloud and mobile cloud architectures and offers guidance on how "to analyze and make choices regarding cloud implementations" to ensure that they are safe and secure. Chapter 11 offers "a brief introduction to smart grid safety and security," and chapter 12 ends the book with a discussion of "the algebra of systems and system interactions" using a smart grid as the application domain.

This is a well-written book. The chapters are by experts in the field and provide broad coverage of the issues related to safety and security in complex systems. Because the range of topics is so broad, the depth is not as great as one would expect in a more focused textbook. However, the handbook succeeds in meeting its aims: to provide a broad understanding of the issues related to safety and security, and to describe the current state of the art.

Reviewer: Michael Oudshoorn
Review #: CR145810 (1804-0176)
Category: Security and Protection (K.6.5)
Copyright 1999-2024 ThinkLoud®