I agree with much that Chris says but the problem is that the high level standards bodies often have little practical day to day experience
at the interface between security and safety - indeed most industries are just waking up to the possibilities with ISIL in control of several
refineries and ATM towers (plus associated engineers).
Standards bodies seem to have little understanding of what their existing portfolio covers. and seem to want to create new standards, including much the same material as existing standards, rather than adopt their own existing standards.
In the case of (the latest buzz-word) "cyber security" the ISO 270xx family covers just about every eventuality. but just doesn't include the buzz-word. In the same way that ISO 26262 re-covers plenty of material from ISO 15288/12207 (etc)
I guess it just proves the old joke: The great thing about standards. there are plenty to choose from!
Regards
Andrew
This archive was generated by hypermail 2.3.0 : Mon Apr 22 2019 - 22:17:07 CEST