Changes

Jump to navigation Jump to search
no edit summary
Line 134: Line 134:  
* Identify and classify risks associated to the service’s business objectives, goals, and strategy
 
* Identify and classify risks associated to the service’s business objectives, goals, and strategy
 
* Design security measures according to business and user needs, risks identified, and security categorization of the information and assets; integrate security across all architectural layers (BIAT)
 
* Design security measures according to business and user needs, risks identified, and security categorization of the information and assets; integrate security across all architectural layers (BIAT)
* Design systems to not be susceptible to common security vulnerabilities; resilient and can be rebuilt quickly in the event of compromise; and fail secure if the system encounters an error or crashes
+
* Use the DevSecOps approach to address security requirements throughout all the stages of the system development life cycle, including using threat modeling to harden systems against cyber threats and vulnerabilities
* Ensure that data received from external parties is profiled and validated prior to its use
+
* Design security mechanisms to support service continuity. This includes designing processes to restore the service, system/data back-ups and contingency plan
 +
* Design measures to adequately protect data at rest and data in transit, and ensure that data received from external parties is profiled and validated prior to its use
 
<br>
 
<br>
  

Navigation menu

GCwiki