Secure by Design Activities
Guidance for delivery teams and security professionals to help them achieve the Secure by Design principles.
These recommended activities provide good practice guidance that can be tailored to reflect your organisation’s specific structure, processes and resources. They can be applied to both new and active services at different stages of the delivery lifecycle.
Examples and tools are provided to help teams implement each activity. The implementation guide includes details of how teams can prepare for transition to Secure by Design within the required timescales.
How Senior Responsible Officers (SROs), service owners and product managers should allocate the appropriate budget, resources and skills to ensure security is embedded within service delivery.
How business analysts, product managers and user researchers should involve security and technical architects in considering security in a broader business context.
How security professionals and delivery teams can assess threats and reduce cyber security risks by building appropriate security protection in the service.
- Documenting service assets
- Assessing the importance of service assets
- Sourcing a threat assessment
- Performing threat modelling
- Performing a security risk assessment
- Agreeing a security controls set for your service
- Responding to and mitigating security risks
- Assessing the effectiveness of security controls
How architects, developers and delivery teams can proactively and reactively manage weaknesses in the service to prevent potential security incidents.
How project managers can work with delivery teams to keep track of how the Secure by Design approach is being followed throughout the lifecycle of a service.