Journal of Cybersecurity and Information Management

Journal DOI

https://doi.org/10.54216/JCIM

Submit Your Paper

2690-6775ISSN (Online) 2769-7851ISSN (Print)

Volume 9 , Issue 2 , PP: 8-19, 2022 | Cite this article as | XML | Html | PDF | Full Length Article

A Framework for creating a Safety and Security Management System (SSMS)

Robert Kemp 1 * , Richard Smith 2

  • 1 Cyber Technology Institute, School of Computer Science and Informatics, De Montfort University, Gateway House, Leicester, LE19BH - (p2548837@my365.dmu.ac.uk)
  • 2 Cyber Technology Institute, School of Computer Science and Informatics, De Montfort University, Gateway House, Leicester, LE19BH - (rgs@dmu.ac.uk)
  • Doi: https://doi.org/10.54216/JCIM.090201

    Received: February 2, 2022 Accepted: March 05, 2022
    Abstract

    Safety and security risks to critical infrastructure organizations are well known, and incidents in both fields have taken place. To help critical infrastructure organizations manage these areas, safety and security standards have been created.  The main aim of this paper is to present a framework that has been created to manage both safety and security by providing guidance on how to create a Safety and Security Management System (SSMS).   The framework identifies and remediates conflicts and issues between IT, OT, safety, and security. While also creating processes that can combine safety and security compliance to standards to reduce duplication of work and allow one process to manage both areas. A survey was carried out to understand if the framework would be of use to organizations and to better understand the issues users have with managing safety and security and how they manage conflicts that can occur.  The survey showed key areas of concern for organizations and how the framework can be of use to them.  It identified six themes from the research and identified improvements opportunities for the framework that can be implemented. 

    Keywords :

    Safety, Security, Critical Infrastructure, Management Systems

    References

    [1] C. Coglianese, 2010, Regulating from the Inside. 10.4324/9781936331345.

    [2] V. Holubová, 2016, Integrated safety management systems. Polish Journal of Management Studies, 14(1), pp.106-118.

    [3] T. Kutzler, A. Wolter, A. Kenner, & S. Dassow, 2021, Boosting Cyber-Physical System Security. IFAC-PapersOnLine. 54. 976-981. 10.1016/j.ifacol.2021.08.117.

    [4] H.D. Kysor, 1973,  Safety management system. Part I: the design of a system. Nat. Safety News. 108, 98–102.

    [5] F. Guldenmund & Y. Li, 2017, Safety management systems: A broad overview of the literature. Safety Science. 103. 94-123. 10.1016/j.ssci.2017.11.016.

    [6] J. Santos-Reyes & A. Beard, 2002, Assessing safety management systems. Journal of Loss Prevention in the Process Industries. 15. 77-95. 10.1016/S0950-4230(01)00066-3.

    [7] S. Smith, 2005, Safety management systems - New wine, old skins. 596- 599. 10.1109/RAMS.2005.1408428.

    [8] H. Floyd, 2011, Safety-Management Systems, in IEEE Industry Applications Magazine, vol. 17, no. 3, pp. 19-24, May-June. 10.1109/MIAS.2010.939622.

    [9] W. K. Law, A. Chan & K. F. Pun, 2006, Prioritising the safety management elements: A hierarchical analysis for manufacturing enterprises. Industrial Management and Data Systems. 106. 778-792. 10.1108/02635570610671470.

    [10] E. Bottani, L. Monica & G. Vignali, 2009, Safety management systems: Performance differences between adopters and non-adopters. Safety Science. 47. 155-162. 10.1016/j.ssci.2008.05.001.

    [11] H. Wolf, 2012, The emerging role of Safety Management Systems in aerospace. 10.1109/AERO.2012.6187419.

    [12] [DM17] D. Maurino, Accessed 2021, Why SMS: An Introduction and Overview of Safety Management Systems.  https://www.itf-oecd.org/why-safety-management-systems

    [13] J. Lappalainen, Overcoming Obstacles to Implementing SMS, Accessed 2021. https://www.itf-oecd.org/overcoming-obstacles-implementing-sms

    [14] J. Pariès, L. Macchi, C. Valot, & S. Derhavengt, 2019, Comparing HROs and RE in the light of safety management systems. Saf. Sci. 117, 501–511.

    [15] B. Accou & G. Reniers, 2020, Introducing the Extended Safety Fractal: Reusing the Concept of Safety Management Systems to Organize Resilient Organizations. International Journal of Environmental Research and Public Health. 17. 5478. 10.3390/ijerph17155478.

    [16] J. Broderick, 2006, ISMS, security standards and security regulations. Information Security Technical Report. 11. 26-31. 10.1016/j.istr.2005.12.001.

    [17] B. AbuSaad, F.A. Saeed, K. Alghathbar & B. Khan, 2011, Implementation of ISO 27001 in Saudi Arabia–obstacles, motivations, outcomes, and lessons learned", in Proceedings of the 9th Australian Information Security Management Conference, Perth Western Australia, pp. 1-9.

    [18] K. Alshitri & A. Abanumy, 2014, Exploring the Reasons behind the Low ISO 27001 Adoption in Public Organizations in Saudi Arabia. ICISA 2014 - 2014 5th International Conference on Information Science and Applications. 1-4. 10.1109/ICISA.2014.6847396.

    [19] S. Aleksandrova, V. Vasiliev & M. Aleksandrov, 2020, Problems of Implementing Information Security Management Systems. 78-81. 10.1109/ITQMIS51053.2020.9322896.

    [20] M. Brunner, C. Sillaber & R. Breu, 2017, Towards automation in information security management systems. 10.1109/QRS.2017.26.

    [21] I. Bongiovanni, 2020, Designing User-Centric Information Security Management Systems in Financial Services Organisations. 192-199. 10.1109/CIC50333.2020.9492732.

    [22] A. Hassanzadeh, A. Rasekh, S. Galelli, M. Aghashahi, R. Taormina, A. Ostfeld & K. Banks, 2020, A Review of Cybersecurity Incidents in the Water Sector. Journal of Environmental Engineering. 146. 10.1061/(ASCE)EE.1943-7870.0001686.

    [23] G. Brown, J. Munro, H. Kobryn & S. Moore, 2017, Mixed methods participatory GIS: An evaluation of the validity of qualitative and quantitative mapping methods. Applied Geography. 79. 10.1016/j.apgeog.2016.12.015.

    [24] H. Mokalled, C. Pragliola, D. Debertol, E. Meda & R. Zunino, 2019,  A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems. 10.1007/978-3-319-95597-1_3.

    [25] K. Su, I. Liu & J. Li, 2021. The Security Challenges with The Widespread Use of IT Infrastructure in ICS. Proceedings of International Conference on Artificial Life and Robotics. 26. 413-416. 10.5954/ICAROB.2021.OS7-1.

    [26] [RR20] R. Ramirez & N. Choucri, 2020, Improving Interdisciplinary Communication With Standardized Cyber Security Terminology: A Literature Review.

    Cite This Article As :
    Kemp, Robert. , Smith, Richard. A Framework for creating a Safety and Security Management System (SSMS). Journal of Cybersecurity and Information Management, vol. , no. , 2022, pp. 8-19. DOI: https://doi.org/10.54216/JCIM.090201
    Kemp, R. Smith, R. (2022). A Framework for creating a Safety and Security Management System (SSMS). Journal of Cybersecurity and Information Management, (), 8-19. DOI: https://doi.org/10.54216/JCIM.090201
    Kemp, Robert. Smith, Richard. A Framework for creating a Safety and Security Management System (SSMS). Journal of Cybersecurity and Information Management , no. (2022): 8-19. DOI: https://doi.org/10.54216/JCIM.090201
    Kemp, R. , Smith, R. (2022) . A Framework for creating a Safety and Security Management System (SSMS). Journal of Cybersecurity and Information Management , () , 8-19 . DOI: https://doi.org/10.54216/JCIM.090201
    Kemp R. , Smith R. [2022]. A Framework for creating a Safety and Security Management System (SSMS). Journal of Cybersecurity and Information Management. (): 8-19. DOI: https://doi.org/10.54216/JCIM.090201
    Kemp, R. Smith, R. "A Framework for creating a Safety and Security Management System (SSMS)," Journal of Cybersecurity and Information Management, vol. , no. , pp. 8-19, 2022. DOI: https://doi.org/10.54216/JCIM.090201