Element | SUBSAFE | CYBERSAFE |
---|---|---|
Purpose | Watertight integrity, recoverability, and safety (weapon, fire, and nuclear) | Data integrity, privacy and security (tamper-free ability to recover from disruptions or misdirections). |
Design requirements | Clean, concise and non-negotiable requirements | Same, with the addition of Privilege Separation at both the software and the process level, as well as the Principle of Least Privilege at the individual level. |
Audit | Multiple structured audits that hold personnel accountable at all levels for safety | Same. |
Training | Annual mandatory training for everyone with a strong emphasis on emotional lessons from past failures | Same. |
Material and fabrication | Controls and documentation in place to ensure correct material: receipt, inspection, storage, handling, installation. | Use of version control (e.g., git) not just for code but also for every piece of documentation, all of which should be trackable and linked; use of robust and well-documented libraries within the stack; code reviews. |
Testing | Involves a formal checklist to collect specific documentation and information, successful sea trials, and a secondary review before unrestricted operations | On top of penetration testing and security patches, application of DevOps and test-driven development to every activity within the organization, rendering tasks effortless and automated. |
Last active
October 6, 2019 20:02