Safety, Security and Reliability of complex systems are the three interacting and most important risk related factors. In many cases of failure event, the Security function assumes charge, and manages the failure event and its resolution. But does the Security function consistently apply the optimal failure resolution methods? We propose that several organizational functions, including Information Security (IS), should analyze, manage, and resolve each case of failure in a coordinated effort, based on the failure classification and prioritization, and then apply appropriate Corrective Actions (CA). Such coordination may result in applying a CA that is sub-optimal by Security standards, yet optimal from the organization's perspective. In this paper we present an innovative composite methodology for identifying, prioritizing and selecting failures and incidents for appropriate treatment. The methodology is based on organizational priorities, knowledge and considers the analyses results of End Effects (EE), solutions and CAs.
