Getting serious about security assurance


By Codee Ludbey CPP Digital Lead at Norman Disney and Young, responsible for a team of security  professionals in New South Wales

My favourite explanation of the difference between safety and security is succinctly (and humorously) presented by Somerson (2009), who states that security is an approach to protect against the malicious actions of others, where safety is an approach to protect against the duncery of negligence.

Because we can all relate more easily to the the latter, we tend to have more conversations about making designs safe as opposed to secure. In the public consciousness, there is a higher duty to provide safety than security, and this shows in a variety of ways in the engineering industry.

For example, Safety in Design is thoroughly embedded in the typical design processes of any built environment practitioner. Many hours are spent in Safety in Design Workshops, filling in Safety in Design Registers, and developing comprehensive Safety in Design strategies.

On the other hand, Security in Design is still a new and emerging topic that few have actually applied properly outside of Government projects. Even where security in design is applied, the level of thoroughness and completeness from a security assurance perspective is often less developed than the safety in design process. This is probably due to the relative immaturity of security as a science, particularly as applied in the built environment.

Nevertheless, due to some recent observations and experiences with more rigorous security and safety assurance processes, I wanted to present an overview of how the two can be co-managed in the security risk management process. But, before we delve into security assurance, let’s start with a definition of safety assurance from Kelly & Weaver (2004)…Click here to find out more.