What Is Secure by Design?
What is security by design, and how do we do it?
Most organizations have underutilized security capabilities at their fingertips, as vendors frequently add new features that are not enabled by default. Rather than overspending on new security tools, optimize what you have, reducing attack surface and complexity.
The practice of threat modeling is an important component of a Secure by Design approach. It’s where we identify the product or system we are working on and analyze threats and weaknesses we want to mitigate to avoid undesirable consequences. We should be left with a set of achievable outcomes we can implement, monitor, and measure and work into future threat modeling cycles in a continuous fashion to reduce risk in our environment.
Cyber Informed Engineering a methodology proposed by US Department of Energy to establish Secure by Design thinking in the engineering process to achieve Critical Function Assurance. It leverages 12 core principles focused on reducing the consequences of failure for an organization's most critical functions.