Strengthening information technology security through the failure modes and effects analysis approach

Abstract

Proper protection of information systems is a major quality issue of organizational risk management. Risk management is a process whereby risk factors are identified and then virtually eliminated. Failure modes and effects analysis (FMEA) is a risk management methodology for identifying system’s failure modes with their effects and causes. FMEA identifies potential weaknesses in the system. This approach allows companies to correct areas identified through the process before the system fails. In this paper, we identify several critical failure factors that may jeopardize the security of information systems. In doing this, we systematically identify, analyze, and document the possible failure modes and the possible effects of each failure on the system. The proposed cybersecurity FMEA (C-FMEA) process results in a detailed description of how failures influence the system’s performance and how they can be avoided. The applicability of the proposed C-FMEA is illustrated with an example from a regional airport.