Changes

* Identify and classify risks associated to the service’s business objectives, goals, and strategy

* Identify and classify risks associated to the service’s business objectives, goals, and strategy

* Design security measures according to business and user needs, risks identified, and security categorization of the information and assets; integrate security across all architectural layers (BIAT)

* Design security measures according to business and user needs, risks identified, and security categorization of the information and assets; integrate security across all architectural layers (BIAT)

* Design systems to not be susceptible to common security vulnerabilities; resilient and can be rebuilt quickly in the event of compromise; and fail secure if the system encounters an error or crashes

* Use the DevSecOps approach to address security requirements throughout all the stages of the system development life cycle, including using threat modeling to harden systems against cyber threats and vulnerabilities

* Ensure that data received from external parties is profiled and validated prior to its use

* Design security mechanisms to support service continuity. This includes designing processes to restore the service, system/data back-ups and contingency plan

* Design measures to adequately protect data at rest and data in transit, and ensure that data received from external parties is profiled and validated prior to its use

<br>

<br>