At QinetiQ, we are helping organisations to advance their digital resilience towards a business-systems-level view, integrating cyber security into standard delivery processes and enabling a context-aware security culture, so that they become secure by design.
A central concept of Secure by Design is that security risk management needs to be embedded throughout the whole lifecycle of system development from inception to design, implementation and service. Our Secure by Design approach will lead to the delivery of more secure business operations through better integration, simplified and consistent processes, clearer guidance, more flexibility and empowered decision making.
We use a standard engagement model, which has proven successful across a number of projects and clients in both Government and industry. The security engagement model is illustrated in the figure below.
Security Modelling
A Security Model depicts, from a security perspective, the proposed set of security domains, environment, connections, users, and potential attackers for the agreed scope, including both internal and external agents. The Security Model can represent an ‘as-is’ or a ‘to-be’ model for the system in question. Security Models allow us to work with the client to explore the system or project from a security perspective, exposing its users, interconnections and risks.
Security Discovery
Working closely with the client, we identify key systems and services, and the ‘As-Is’ position, from a security architecture perspective. We cover organisational security culture including governance and risk, technical security, monitoring, and incident response. The discovery exercise examines existing cyber-security artefacts relating to IT environments, and the business services they support, including both on-premises and cloud systems.
Processes, Procedures and Standards
We advise on the security governance aspects, including Processes and management arrangements, Procedures and Technical Security Standards in place for an agreed scope, along with the level of compliance with relevant security standards. This is all done within the context of a compliance regime.
This paper aims to provide clarity and demonstrate the very real and practical benefits of a Secure by Design future... and the risks, costs and problems caused by prevarication or inaction.
We have a large team of in-house Cyber specialists, supported by an extensive supplier network of Subject Matter Experts who provide specialist expertise on projects and programmes beyond security architecture where required. Between our in-house staff and our extensive partner network, we have access to Security Information Risk Advisors and Security Architects cleared to SC or higher.