Security for Safety Critical Systems (SESA)

Course details

System Safety Engineering employs a top-down approach that helps developers incorporate safety features so that an acceptable, or at worst tolerable, level of safety is achieved. Traditional safety analysis assumes a "dumb" environment: when an internal or external event occurs, the system reacts in a repeatable way, so a safety function can be relied on to handle a defined set of input conditions. It further assumes that very rare input conditions remain very rare, and can therefore be addressed within a risk-based framework.

There is growing awareness that this model may be flawed once cyber security is taken into account. An attacker may actively search a system's input space for input sets that have safety implications, so conditions that were assumed to be rare are no longer rare. Attackers may deliberately trigger fail-safe mechanisms to cause a denial of service, or drive the system into an unsafe state. And once an attack works against a single instance of a system, it can potentially be repeated against every instance of that system.
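The contrast drawn above, between a risk-based argument about rare inputs and an adversary who searches the input space, can be made concrete with a small simulation. The code below is an added illustration written for this page, not course material: it models a hypothetical two-channel temperature interlock with an assumed agreement tolerance (TOLERANCE) and trip limit (LIMIT), counts spurious trips under random sensor noise, then shows an attacker who can corrupt one channel finding the smallest offset that trips the interlock and replaying it as a denial of service, and an attacker who controls both channels holding the plant in an unsafe state with no trip at all. All values and function names are assumptions chosen for the illustration.

```python
"""Added illustration (not course material): a two-channel fail-safe interlock
under a random ("dumb") environment versus an adversary who controls inputs."""
import random

TOLERANCE = 5.0   # assumed: redundant channels must agree within this band
LIMIT = 90.0      # assumed: plant must trip (shut down) above this temperature


def interlock(sensor_a, sensor_b):
    """Return True when the plant must trip to its safe shut-down state.

    The fail-safe trips on implausible disagreement between the redundant
    channels, or when either channel reports an over-limit temperature."""
    if abs(sensor_a - sensor_b) > TOLERANCE:
        return True
    return max(sensor_a, sensor_b) > LIMIT


def random_environment(cycles, true_temp=60.0, noise_sd=1.0, seed=0):
    """Dumb environment: both channels read the true value plus independent
    Gaussian noise. Returns the number of spurious trips over `cycles`
    control cycles; with the defaults this is a handful per 10,000 cycles,
    which is the kind of figure a risk-based argument is built on."""
    rng = random.Random(seed)
    trips = 0
    for _ in range(cycles):
        a = true_temp + rng.gauss(0, noise_sd)
        b = true_temp + rng.gauss(0, noise_sd)
        if interlock(a, b):
            trips += 1
    return trips


def find_trip_offset(true_temp=60.0, max_offset=100.0, step=0.5):
    """Attacker who can add an offset to channel A (for example by tampering
    with the sensor link) walks the input space and returns the smallest
    offset that trips the interlock. The plant itself is at a safe 60 degrees
    throughout; the attacker is probing the safety function, not the plant."""
    offset = 0.0
    while offset <= max_offset:
        if interlock(true_temp + offset, true_temp):
            return offset
        offset += step
    return None


def denial_of_service(cycles, offset, true_temp=60.0):
    """Replay the discovered offset on every cycle. The fail-safe behaves
    exactly as designed, and the plant is unavailable for every cycle."""
    return sum(1 for _ in range(cycles) if interlock(true_temp + offset, true_temp))


def unsafe_state(true_temp=95.0, reported=60.0):
    """Attacker who controls both channels reports a consistent, plausible
    value. Returns True when the plant is over LIMIT yet the interlock is
    silent: the integrity failure has become a safety failure."""
    return (not interlock(reported, reported)) and true_temp > LIMIT


if __name__ == "__main__":
    print("spurious trips in 10,000 random cycles:", random_environment(10_000))
    offset = find_trip_offset()
    print("smallest single-channel offset that trips the interlock:", offset)
    print("cycles lost to replayed offset out of 1,000:", denial_of_service(1_000, offset))
    print("over-limit plant with no trip (both channels controlled):", unsafe_state())
```

The spurious-trip count depends on the seeded random source and is small; the point is that the attacker's cost is a dozen probes regardless of how small that probability is, and that the same offset then works on every instance that shares the same TOLERANCE and LIMIT.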

Considerable work is ongoing in the academic and industrial practitioner communities to address these issues, and this course draws on that work. The course aims to

  • provide a broad awareness of security principles, measures and techniques that safety practitioners need to be aware of
  • provide a critical understanding of the interrelationships between safety and security and how security threats can develop into hazardous events 
  • address the elements identified in the following figure

By the end of this course you will be able to:

  • Differentiate between confidentiality, integrity and availability
  • Define and explain security definitions and concepts
  • Summarise the differences between types of security (physical, information, data network)
  • Define and explain information security risk management activities throughout the system lifecycle (development, monitoring and change)
  • Identify information security methods and considerations
  • Describe architectural approaches to mitigating security risk
  • Describe current approaches to security regulation for safety-critical systems
  • Explain the content of, and differences between, security standards such as ED-202, ED-203, ED-204 and ISO/IEC 27005:2011
  • Assess the interdependencies between safety and security
  • Participate in a security-safety risk assessment
  • Describe the current limitations of the engineering of safe and secure systems
  • Describe the concept of assurance cases for safety and security

Who is the course for?

This course is suitable for:

  • System safety practitioners across all domains, including railway, automotive, aerospace, military, civil nuclear, civil maritime, medical devices, healthcare and SCADA users;
  • Developers of safety-critical and safety-related equipment, and of changes to such systems;
  • Developers of safety cases for design, operational safety and disposal;
  • Reviewers of safety analysis and safety cases, within an organisation or as an independent activity;
  • Project managers for whom the development of a safety case is a significant element of the projects they manage;
  • Regulators of safety-critical domains.


You will need a basic understanding of system safety terminology and the system lifecycle, from prior learning or industrial experience. It is useful to have taken our Foundations of System Safety Engineering course; if you have not, please email us with your details so that we can check your suitability for this course.

How is the course taught?

The course takes place over one week at the University of York. This week consists of a mixture of lectures and practicals, but we expect you to put in around 30 hours of private study.

Over the week, there will be a series of lectures and a number of case studies. The case studies give you the chance to work through an example to reinforce your learning from the lectures. This is also a chance to gain other insights from the experience and knowledge of other delegates. You will also be able to call on the experience and knowledge of our specialised teaching staff during these sessions.  

The course ends with an assessed exercise, which you have the option of completing. It takes approximately 35 hours in addition to the scheduled teaching time and can be completed on or off site. All assessed exercises are open (so you won't take an exam in supervised conditions), and comprise a report, case study, or documented piece of software.

If you choose to take and pass your assessment, your results can count towards the completion of the MSc in Safety Critical Systems Engineering. Our MSc in Safety Critical Systems Engineering is an accredited course, recognised by both the BCS, the Chartered Institute for IT and the Institution of Engineering and Technology (IET) for the purposes of partial fulfilment of the educational requirement for CEng registration.


Recommended reading

Charles P. Pfleeger and Shari L. Pfleeger, Security in Computing, Prentice Hall, 2007
Dieter Gollmann, Computer Security, Wiley, 2006
Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2001




Book your place

The next FSSE instance will commence w/c 3rd May 2021.

Before booking, please read our Booking Conditions (PDF, 104kb).

To book your place, please complete the booking form and payment form below and return to our Student & Academic Administration Team. Payment can be made online via credit/debit card.

CPD Booking Form (MS Word, 62kb)

CPD Payment Form 2020-21 (MS Word, 65kb)

If you have any queries, please contact Heather Taylor, our course administrator, or call 01904 325536.