Information Safety

Improving technology through lessons from safety.

2016 STAMP/STPA Call for Participation open

Update: I gave a talk at SIRAcon 2016 on applying STPA/STPA-Sec to security threat modeling!

Beginning in 2012, MIT has held an annual STAMP (Systems-Theoretic Accident Model and Processes) / STPA (STAMP-Based Process Analysis) workshop to discuss systems safety engineering practices developed by Nancy Leveson detailed in her book, “Engineering a Safer World.” Interestingly, information security practitioners have participated in 3 of the past 4 workshops, beginning in 2012. STPA-Sec, developed by Nancy Leveson and Bill Young, extends STPA to security, and was originally presented in the 2014 STAMP/STPA workshop.

The Call for Participation for the 2016 STAMP workshop is open! Details are available on the PSAS (Partnership for a Systems Approach to Safety) website, the due date is December 10. The workshop itself will be held at MIT March 21-24, with no registration fee. I missed the 2015 workshop but hope to attend in 2016; I’m interested in learning more about STPA-Sec, which seems to be a promising alternative to existing infosec threat modeling approaches.