DfE Secure by Design Documentation
Working out the project's security risk appetite