Security by design


Problem

Starting with security by design is difficult, especially when working within an organisation or team where priorities lie elsewhere.

Starting with security by design can be overwhelming and frustrating. Thousands of books, articles and blog posts of varying quality have been written on the subject. But how do you start simply and effectively with security by design?

“Secure by design” means that technology products are built in a way that reasonably protects against malicious cyber actors successfully gaining access to devices, data, and connected infrastructure.

Solution

  • Avoid expensive paid courses and training when starting. First get a good, quick picture of what security by design really is.

  • Read a good, simple, open-access resource that you can share, use and improve. Of course I recommend using the NO|Complexity Security By Design Guide. It's short, simple and covers the essentials!

  • Use security principles and policies. If possible, enforce policies automatically, since we humans sometimes forget things and are vulnerable to distraction by design. Advocate and practice continuous learning. Every new technology comes with old and new vulnerabilities that should be mitigated from the start!

  • Find allies in your organisation. Start by raising awareness of the need for a strong change in mindset, so the organisation becomes more resilient in the future. Security is not only something for IT people; it involves all stakeholders within an organisation.

Remember:

Security by design is not a product. Security by design is a philosophy to always do the right things from a cyber security perspective.