EPSS Config Roadmap
Establishing a plan of action to start prioritizing configuration flaws
The practice of threat modeling is an important component of a Secure by Design approach. It’s where we identify the product or system we are working on and analyze the threats and weaknesses we want to mitigate to avoid undesirable consequences. We should be left with a set of achievable outcomes that we can implement, monitor, and measure, and then work into future threat modeling cycles in a continuous fashion to reduce risk in our environment.
Cyber Informed Engineering is a methodology proposed by the US Department of Energy to establish Secure by Design thinking in the engineering process to achieve Critical Function Assurance. It leverages 12 core principles focused on reducing the consequences of failure for an organization's most critical functions.
The topic of Secure by Design encompasses the practice of designing for security as a functional requirement. It embodies a culture of understanding and empowerment in pursuit of designing and implementing more resilient systems.