Security analysis

From Wikipedia, the free encyclopedia

Security analysis (or safety analysis) is part of the safety and security management activities of an organization or company, and is also used to certify safety-critical products, for example aircraft. Its aim is to identify threats, to assess their probability of occurrence and their potential for damage, and from this to estimate the risk to the organization, or to design a product in such a way that the corresponding security requirements are met.

IT security

The procedure is difficult to formalize, but in some areas attempts have been made at standardization, for example within the framework of the ISO 17799 standard.

The means of security analysis are both technical (including vulnerability scans and penetration tests) and process-oriented (interviews with responsible staff or data protection officers, documentation analysis, or business process analysis).

The results of a security analysis should include recommending and implementing measures that raise, for example, IT security. In nuclear power plants, so-called probabilistic safety analyses are carried out using probability calculus.


The procedure for a safety analysis of aircraft systems is described in ARP 4761 and ARP 4754 of the Society of Automotive Engineers (SAE). Depending on the severity of a fault's effect on aircraft safety, a different maximum probability of occurrence must be demonstrated for that fault. These probabilities are defined as a failure rate per flight hour and are:

  • 10⁻⁵ per flight hour for the "Major" category
  • 10⁻⁷ per flight hour for the "Hazardous" or "Severe Major" category
  • 10⁻⁹ per flight hour for the "Catastrophic" category

Evidence is submitted to the aviation safety authorities, for example the Federal Aviation Administration (FAA) and the European Aviation Safety Agency (EASA).

According to ARP 4761, the safety assessment process comprises several steps:

  • Aircraft Functional Hazard Assessment (FHA)
  • Aircraft Fault Tree Analysis (FTA)
  • System Functional Hazard Assessment (FHA)
  • Preliminary System Safety Assessment (PSSA)
  • System Safety Assessment (SSA)
  • Common Cause Analysis (CCA)
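The following is an added example, not part of the original article: a minimal fault-tree evaluation (the FTA step above) that checks a top-level failure condition against the three per-flight-hour targets quoted earlier. The tree, the component failure rates and the "loss of all attitude indication" scenario are constructed for illustration; the shared power supply stands in for the kind of common cause the CCA step is meant to surface.

```python
from dataclasses import dataclass
from typing import Optional

# Maximum allowed probability of a failure condition per flight hour, by
# severity category (the three values quoted in the article).
TARGETS = {"Major": 1e-5, "Hazardous": 1e-7, "Catastrophic": 1e-9}

@dataclass
class BasicEvent:
    name: str
    rate: float  # failures per flight hour; sample values below are constructed

@dataclass
class Gate:
    kind: str  # "AND": all inputs must fail; "OR": any one failing suffices
    inputs: list

def probability(node) -> float:
    """Probability per flight hour that the node fails (inputs assumed independent)."""
    if isinstance(node, BasicEvent):
        return node.rate
    probs = [probability(child) for child in node.inputs]
    if node.kind == "AND":
        result = 1.0
        for p in probs:
            result *= p
        return result
    if node.kind == "OR":
        survive = 1.0  # P(any) = 1 - prod(1 - p_i), exact for independent inputs
        for p in probs:
            survive *= 1.0 - p
        return 1.0 - survive
    raise ValueError(f"unknown gate type {node.kind!r}")

def strictest_category_met(node) -> Optional[str]:
    """Most demanding category whose target the top event satisfies, or None."""
    p = probability(node)
    for category in ("Catastrophic", "Hazardous", "Major"):
        if p <= TARGETS[category]:
            return category
    return None

# Constructed top event: loss of all attitude indication, treated as Catastrophic.
# Each display channel fails at 1e-4 per flight hour; all channels share one
# power supply, a common cause that redundancy alone does not remove.
channels = [BasicEvent(f"display channel {i}", 1e-4) for i in range(1, 4)]
shared_power = BasicEvent("shared power supply", 1e-10)
TWO_CHANNEL = Gate("OR", [Gate("AND", channels[:2]), shared_power])
THREE_CHANNEL = Gate("OR", [Gate("AND", channels), shared_power])
```

With two channels the top event comes out at about 1.01 × 10⁻⁸ per flight hour, which meets the "Hazardous" target but not "Catastrophic"; a third independent channel brings it to about 1.01 × 10⁻¹⁰, at which point the shared power supply dominates the result.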

References

  1. Society of Automotive Engineers: Aerospace Recommended Practice ARP4761: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, December 1996
  2. Society of Automotive Engineers: Aerospace Recommended Practice ARP4754: Certification Considerations for Highly-Integrated or Complex Aircraft Systems, November 1996
  3. SAE International: Guidelines and Methods for Conducting the Safety Assessment Process on Civil Airborne Systems and Equipment, ARP4761. In: The Engineering Society For Advancing Mobility Land Sea Air and Space (Ed.): Aerospace Recommended Practice. No. 4761. Warrendale, PA, December 1996, p. 31.