What is involved in Secure by design
Find out what the related areas are that Secure by design connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in a sense that it is not per-se designed to give answers, but to engage the reader and lay out a Secure by design thinking-frame.
How far is your company on its Secure by design journey?
Take this short survey to gauge your organization’s progress toward Secure by design leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Start the Checklist
Below you will find a quick checklist designed to help you think about which Secure by design related domains to cover and 149 essential critical questions to check off in that domain.
The following domains are covered:
Secure by design, Antivirus software, Application security, Best coding practices, Buffer overflow, C standard library, Call stack, Computer access control, Computer code, Computer crime, Computer network, Computer security, Computer virus, Computer worm, Cryptographic hash function, Cyber security standards, Data-centric security, Denial of service, Dog food, Format string attack, Home directory, Information security, Internet security, Intrusion detection system, Intrusion prevention system, Linus’ law, Logic bomb, Machine code, Malicious user, Mobile secure gateway, Mobile security, Multi-factor authentication, Multiple Independent Levels of Security, Network security, Operating system shell, Principle of least privilege, SQL injection, Secure by default, Secure coding, Security-focused operating system, Security by design, Security through obscurity, Software Security Assurance, Software design, Software engineering, Trojan horse, Undefined behavior, User identifier, Web server:
Secure by design Critical Criteria:
Rank Secure by design risks and drive action.
– How do your measurements capture actionable Secure by design information for use in exceeding your customers expectations and securing your customers engagement?
– Are we making progress? and are we making progress as Secure by design leaders?
Antivirus software Critical Criteria:
Conceptualize Antivirus software strategies and budget for Antivirus software challenges.
– Is Secure by design dependent on the successful delivery of a current project?
– What is our formula for success in Secure by design ?
Application security Critical Criteria:
Define Application security adoptions and get going.
– For your Secure by design project, identify and describe the business environment. is there more than one layer to the business environment?
– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Secure by design services/products?
– Is maximizing Secure by design protection the same as minimizing Secure by design loss?
– Who Is Responsible for Web Application Security in the Cloud?
Best coding practices Critical Criteria:
Systematize Best coding practices results and oversee Best coding practices management by competencies.
– Does Secure by design create potential expectations in other areas that need to be recognized and considered?
– How will you measure your Secure by design effectiveness?
– How do we keep improving Secure by design?
Buffer overflow Critical Criteria:
Conceptualize Buffer overflow issues and define what do we need to start doing with Buffer overflow.
– How will we insure seamless interoperability of Secure by design moving forward?
– How do we Improve Secure by design service perception, and satisfaction?
– What are the short and long-term Secure by design goals?
C standard library Critical Criteria:
Mine C standard library risks and get out your magnifying glass.
– Do we monitor the Secure by design decisions made and fine tune them as they evolve?
– How do we Identify specific Secure by design investment and emerging trends?
– How much does Secure by design help?
Call stack Critical Criteria:
Co-operate on Call stack projects and summarize a clear Call stack focus.
– What management system can we use to leverage the Secure by design experience, ideas, and concerns of the people closest to the work to be done?
Computer access control Critical Criteria:
Participate in Computer access control quality and assess and formulate effective operational and Computer access control strategies.
– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about Secure by design. How do we gain traction?
– What is the source of the strategies for Secure by design strengthening and reform?
– Is Secure by design Required?
Computer code Critical Criteria:
Match Computer code tactics and customize techniques for implementing Computer code controls.
– While it seems technically very likely that smart contracts can be programmed to execute the lifecycle events of a financial asset, and that those assets can be legally enshrined in computer code as a smart asset, how are they governed by law?
– How do you determine the key elements that affect Secure by design workforce satisfaction? how are these elements determined for different workforce groups and segments?
– What are the top 3 things at the forefront of our Secure by design agendas for the next 3 years?
– How can skill-level changes improve Secure by design?
Computer crime Critical Criteria:
Collaborate on Computer crime visions and devise Computer crime key steps.
– Will Secure by design deliverables need to be tested and, if so, by whom?
– Are assumptions made in Secure by design stated explicitly?
– How to Secure Secure by design?
Computer network Critical Criteria:
Detail Computer network failures and oversee implementation of Computer network.
– Is the illegal entry into a private computer network a crime in your country?
– What are the Key enablers to make this Secure by design move?
– What are the Essentials of Internal Secure by design Management?
– What are current Secure by design Paradigms?
Computer security Critical Criteria:
Trace Computer security failures and suggest using storytelling to create more compelling Computer security projects.
– Does your company provide end-user training to all employees on Cybersecurity, either as part of general staff training or specifically on the topic of computer security and company policy?
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Secure by design processes?
– Will the selection of a particular product limit the future choices of other computer security or operational modifications and improvements?
– What sources do you use to gather information for a Secure by design study?
– Do you monitor the effectiveness of your Secure by design activities?
Computer virus Critical Criteria:
Grade Computer virus visions and describe the risks of Computer virus sustainability.
– Who sets the Secure by design standards?
– How can the value of Secure by design be defined?
– Are there recognized Secure by design problems?
Computer worm Critical Criteria:
Troubleshoot Computer worm engagements and modify and define the unique characteristics of interactive Computer worm projects.
– What are your key performance measures or indicators and in-process measures for the control and improvement of your Secure by design processes?
– Which individuals, teams or departments will be involved in Secure by design?
Cryptographic hash function Critical Criteria:
Survey Cryptographic hash function quality and visualize why should people listen to you regarding Cryptographic hash function.
– What is our Secure by design Strategy?
Cyber security standards Critical Criteria:
Align Cyber security standards leadership and know what your objective is.
– Are there any easy-to-implement alternatives to Secure by design? Sometimes other solutions are available that do not require the cost implications of a full-blown project?
– Does Secure by design systematically track and analyze outcomes for accountability and quality improvement?
Data-centric security Critical Criteria:
Adapt Data-centric security strategies and balance specific methods for improving Data-centric security results.
– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to Secure by design?
– What is data-centric security and its role in GDPR compliance?
– Is there any existing Secure by design governance structure?
Denial of service Critical Criteria:
Audit Denial of service risks and secure Denial of service creativity.
– An administrator is concerned about denial of service attacks on their virtual machines (vms). what is an effective method to reduce the risk of this type of attack?
– How easy would it be to lose your service if a denial of service attack is launched within your cloud provider?
– How can you negotiate Secure by design successfully with a stubborn boss, an irate client, or a deceitful coworker?
– What ability does the provider have to deal with denial of service attacks?
– What vendors make products that address the Secure by design needs?
– How do we maintain Secure by designs Integrity?
Dog food Critical Criteria:
Analyze Dog food leadership and define what do we need to start doing with Dog food.
– Can we add value to the current Secure by design decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?
– What new services of functionality will be implemented next with Secure by design ?
Format string attack Critical Criteria:
Steer Format string attack visions and gather practices for scaling Format string attack.
– Is the Secure by design organization completing tasks effectively and efficiently?
– Have you identified your Secure by design key performance indicators?
Home directory Critical Criteria:
Accommodate Home directory engagements and suggest using storytelling to create more compelling Home directory projects.
– Is there a Secure by design Communication plan covering who needs to get what information when?
– Do we have past Secure by design Successes?
Information security Critical Criteria:
Jump start Information security goals and develop and take control of the Information security initiative.
– Has the organization established an enterprise-wide business continuity/disaster recovery program that is consistent with requirements, policy, and applicable guidelines?
– Are information security policies and other relevant security information disseminated to all system users (including vendors, contractors, and business partners)?
– Does the ISMS policy provide a framework for setting objectives and establishes an overall sense of direction and principles for action with regard to information security?
– Are information security roles and responsibilities coordinated and aligned with internal roles and external partners?
– Does your company have a current information security policy that has been approved by executive management?
– Are we requesting exemption from or modification to established information security policies or standards?
– Are information security policies reviewed at least once a year and updated as needed?
– What is true about the trusted computing base in information security?
– Is there a business continuity/disaster recovery plan in place?
– : Return of Information Security Investment, Are you spending enough?
– What is the main driver for information security expenditure?
– What is the goal of information security?
– What is information security?
Internet security Critical Criteria:
Set goals for Internet security management and find the essential reading for Internet security researchers.
– How do we go about Comparing Secure by design approaches/solutions?
– Is a Secure by design Team Work effort in place?
Intrusion detection system Critical Criteria:
Accumulate Intrusion detection system adoptions and integrate design thinking in Intrusion detection system innovation.
– Can intrusion detection systems be configured to ignore activity that is generated by authorized scanner operation?
– Does Secure by design analysis isolate the fundamental causes of problems?
– What is a limitation of a server-based intrusion detection system (ids)?
– What are the business goals Secure by design is aiming to achieve?
Intrusion prevention system Critical Criteria:
Think about Intrusion prevention system planning and revise understanding of Intrusion prevention system architectures.
– Are security alerts from the intrusion detection or intrusion prevention system (ids/ips) continuously monitored, and are the latest ids/ips signatures installed?
– Is a intrusion detection or intrusion prevention system used on the network?
Linus’ law Critical Criteria:
Wrangle Linus’ law engagements and look at the big picture.
– To what extent does management recognize Secure by design as a tool to increase the results?
– What is the purpose of Secure by design in relation to the mission?
Logic bomb Critical Criteria:
Administer Logic bomb goals and explore and align the progress in Logic bomb.
– Risk factors: what are the characteristics of Secure by design that make it risky?
Machine code Critical Criteria:
Devise Machine code adoptions and test out new things.
– Have all basic functions of Secure by design been defined?
– What will drive Secure by design change?
Malicious user Critical Criteria:
Communicate about Malicious user outcomes and do something to it.
– Is there an account-lockout mechanism that blocks a maliCIOus user from obtaining access to an account by multiple password retries or brute force?
– When authenticating over the internet, is the application designed to prevent maliCIOus users from trying to determine existing user accounts?
Mobile secure gateway Critical Criteria:
Examine Mobile secure gateway projects and document what potential Mobile secure gateway megatrends could make our business model obsolete.
– Is Supporting Secure by design documentation required?
– How can you measure Secure by design in a systematic way?
Mobile security Critical Criteria:
Generalize Mobile security issues and tour deciding if Mobile security progress is made.
– What are the record-keeping requirements of Secure by design activities?
Multi-factor authentication Critical Criteria:
Bootstrap Multi-factor authentication tasks and find out what it really means.
– What are your results for key measures or indicators of the accomplishment of your Secure by design strategy and action plans, including building and strengthening core competencies?
– Does remote server administration require multi-factor authentication of administrative users for systems and databases?
– How can we incorporate support to ensure safe and effective use of Secure by design into the services that we provide?
– In a project to restructure Secure by design outcomes, which stakeholders would you involve?
– Is multi-factor authentication supported for provider services?
Multiple Independent Levels of Security Critical Criteria:
Add value to Multiple Independent Levels of Security visions and give examples utilizing a core of simple Multiple Independent Levels of Security skills.
– How important is Secure by design to the user organizations mission?
– Why are Secure by design skills important?
Network security Critical Criteria:
Reorganize Network security outcomes and diversify by understanding risks and leveraging Network security.
– Do we Make sure to ask about our vendors customer satisfaction rating and references in our particular industry. If the vendor does not know its own rating, it may be a red flag that youre dealing with a company that does not put Customer Service at the forefront. How would a company know what to improve if it had no idea what areas customers felt were lacking?
– Does Secure by design include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?
– Are the disaster recovery plan (DRP) and the business contingency plan (BCP) tested annually?
– Do we all define Secure by design in the same way?
Operating system shell Critical Criteria:
Start Operating system shell risks and suggest using storytelling to create more compelling Operating system shell projects.
– Do those selected for the Secure by design team have a good general understanding of what Secure by design is all about?
– Will new equipment/products be required to facilitate Secure by design delivery for example is new software needed?
– How do we measure improved Secure by design service perception, and satisfaction?
Principle of least privilege Critical Criteria:
See the value of Principle of least privilege issues and mentor Principle of least privilege customer orientation.
SQL injection Critical Criteria:
Analyze SQL injection tactics and integrate design thinking in SQL injection innovation.
– Think about the kind of project structure that would be appropriate for your Secure by design project. should it be formal and complex, or can it be less formal and relatively simple?
– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding Secure by design?
– Are controls implemented on the server side to prevent sql injection and other bypassing of client side-input controls?
– What threat is Secure by design addressing?
Secure by default Critical Criteria:
Depict Secure by default failures and display thorough understanding of the Secure by default process.
– Can we do Secure by design without complex (expensive) analysis?
Secure coding Critical Criteria:
Chart Secure coding projects and raise human resource and employment practices for Secure coding.
Security-focused operating system Critical Criteria:
Have a session on Security-focused operating system projects and get answers.
Security by design Critical Criteria:
Map Security by design tactics and assess and formulate effective operational and Security by design strategies.
– Does Secure by design appropriately measure and monitor risk?
Security through obscurity Critical Criteria:
Co-operate on Security through obscurity issues and point out improvements in Security through obscurity.
– Will Secure by design have an impact on current business continuity, disaster recovery processes and/or infrastructure?
– What knowledge, skills and characteristics mark a good Secure by design project manager?
Software Security Assurance Critical Criteria:
Inquire about Software Security Assurance goals and report on developing an effective Software Security Assurance strategy.
– What are our needs in relation to Secure by design skills, labor, equipment, and markets?
Software design Critical Criteria:
Frame Software design planning and define what do we need to start doing with Software design.
– Do Secure by design rules make a reasonable demand on a users capabilities?
Software engineering Critical Criteria:
Consolidate Software engineering planning and plan concise Software engineering education.
– DevOps isnt really a product. Its not something you can buy. DevOps is fundamentally about culture and about the quality of your application. And by quality I mean the specific software engineering term of quality, of different quality attributes. What matters to you?
– Can we answer questions like: Was the software process followed and software engineering standards been properly applied?
– What prevents me from making the changes I know will make me a more effective Secure by design leader?
– Is open source software development faster, better, and cheaper than software engineering?
– Is Secure by design Realistic, or are you setting yourself up for failure?
– Better, and cheaper than software engineering?
Trojan horse Critical Criteria:
Think carefully about Trojan horse risks and catalog what business benefits will Trojan horse goals deliver if achieved.
– what is the best design framework for Secure by design organization now that, in a post industrial-age if the top-down, command and control model is no longer relevant?
– How do we go about Securing Secure by design?
Undefined behavior Critical Criteria:
Debate over Undefined behavior quality and adopt an insight outlook.
– How do we ensure that implementations of Secure by design products are done in a way that ensures safety?
– Which Secure by design goals are the most important?
User identifier Critical Criteria:
Be clear about User identifier goals and arbitrate User identifier techniques that enhance teamwork and productivity.
– What tools do you use once you have decided on a Secure by design strategy and more importantly how do you choose?
Web server Critical Criteria:
Communicate about Web server tasks and probe Web server strategic alliances.
– Are web servers located on a publicly reachable network segment separated from the internal network by a firewall (dmz)?
– Do we know what we have specified in continuity of operations plans and disaster recovery plans?
– When a Secure by design manager recognizes a problem, what options are available?
– How is the value delivered by Secure by design being measured?
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the Secure by design Self Assessment:
Author: Gerard Blokdijk
CEO at The Art of Service | theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
Secure by design External links:
Legolas Exchange, Fair and Secure By Design
LMD Architects – Secure By Design
Sebyde – Secure by Design – Home | Facebook
Antivirus software External links:
Spybot – Search & Destroy Anti-malware & Antivirus Software
Antivirus Software, Internet Security, Spyware and …
Geek Squad Antivirus Software Download | Webroot
Application security External links:
Web Application Security, Testing, & Scanning | PortSwigger
SyncDog | Mobile Application Security – Unleash the …
BLM Application Security System
Buffer overflow External links:
Buffer Overflow – OWASP
C standard library External links:
[PDF]C Standard Library – baolijie.store
C standard library (Book, 1987) [WorldCat.org]
Computer access control External links:
Smart Card Technology: New Methods for Computer Access Control
Computer crime External links:
“Barney Miller” Computer Crime (TV Episode 1979) – IMDb
What is a Computer Crime? (with pictures) – wiseGEEK
Computer crime legal definition of computer crime
Computer network External links:
What is a Computer Network? Webopedia Definition
15-1152.00 – Computer Network Support Specialists
Computer security External links:
Naked Security – Computer Security News, Advice and …
Kids and Computer Security | Consumer Information
GateKeeper – Computer Security Lock | Security for Laptops
Computer virus External links:
Free computer viruses Essays and Papers – 123HelpMe
New computer virus causes havoc | Daily Mail Online
Title: Computer Virus – Internet Speculative Fiction Database
Cryptographic hash function External links:
What Is a Cryptographic Hash Function? – Lifewire
Bitcoin – Cryptographic hash function – YouTube
9-7.4 Cryptographic Hash Function – USPS
Cyber security standards External links:
Cyber Security Standards | NIST
The Devolution of Cyber Security Standards in the US
Cyber security standards – ScienceDaily
Denial of service External links:
Denial of Service Definition – Computer
SMBLoris Windows Denial of Service Vulnerability
Dog food External links:
Dog Food, Cat Food, and Treats | Purina® Pro Plan®
Dog Food & Health Products from TruDog® | Keeping It Real™
The Farmer’s Dog: Homemade dog food, DIY or delivered
Format string attack External links:
Format string attack – Example Problems
Format String Attack: introducción – rodin.uca.es
Format string attack – OWASP
Home directory External links:
Terminal Server User’s Home Directory Is Not Set Correctly
Information security External links:
[PDF]TITLE: INFORMATION SECURITY MANAGEMENT …
Federal Information Security Management Act of 2002 – NIST
Managed Security Services | Information Security Solutions
Internet security External links:
Center for Internet Security – Official Site
ZenMate – Internet Security and Privacy at its Best!
Antivirus Software, Internet Security, Spyware and …
Intrusion detection system External links:
Intrusion Detection Systems – CERIAS
[PDF]Section 9. Intrusion Detection Systems
[PDF]Intrusion Detection System Analyzer Protection …
Intrusion prevention system External links:
Intrusion prevention system
Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
Wireless Intrusion Prevention System (WIPS) | …
Cisco Next-Generation Intrusion Prevention System …
Logic bomb External links:
Download and Read Logic Bomb Logic Bomb logic bomb
Logic Bomb – TV Tropes
Download and Read Logic Bomb Logic Bomb logic bomb
Machine code External links:
Frigidaire washing machine code dr | Shop Your Way: …
Machine Code: Big Data Lands GE on MIT Review’s Smart List
G-codes Machine Code Reference | Tormach Inc. providers …
Malicious user External links:
Import This Malicious User-Agent String Feed | RSA Link
Mobile secure gateway External links:
TeskaLabs – Mobile Secure Gateway
Mobile security External links:
Privoro | Mobile Security Products
Find Your Lost or Stolen Android Device | AVG Mobile Security
Mobile Protection, Enterprise Mobile Security – Skycure
Multi-factor authentication External links:
Multi-Factor Authentication™ | User Portal
Multiple Independent Levels of Security External links:
Multiple Independent Levels of Security
Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation and controlled information flow; implemented by separation mechanisms that support both untrusted and trustworthy components; ensuring that the total security solution is non-bypassable, evaluatable, always invoked and tamperproof.
[PDF]MILS Multiple Independent Levels of Security – ACSA)
Network security External links:
Institute for Applied Network Security – Official Site
Cloud Harmonics Network Security Training and IT Training
NIKSUN – Network Security and Performance
Principle of least privilege External links:
What is the principle of least privilege? – Indiana University
SQL injection External links:
CEHv9 MOD13 SQL Injection Flashcards | Quizlet
SQL Injection | US-CERT
Sculptor – Blind SQl Injection – YouTube
Secure by default External links:
DCOM Secure by Default – Scribd
Secure coding External links:
Secure Coding Education | Manicode Security
Security through obscurity External links:
Security Through Obscurity Considered Dangerous – …
Security through obscurity – InfoAnarchy
Software Security Assurance External links:
Importance of Software Security Assurance | Oracle
Software design External links:
The Nerdery | Custom Software Design and Development
Custom Software Design & Development | FrogSlayer
MjM Software Design
Software engineering External links:
Codesmith | Software Engineering & Machine Learning
Academy for Software Engineering / Homepage
Software Engineering Institute
Trojan horse External links:
Teachers learn to use math as Trojan horse for social justice
The Trojan Horse – Restaurant & Tavern
Undefined behavior External links:
Undefined Behavior – OWASP
Web server External links:
HNTB ProjectWise Web Server
SpiderControl SCADA Web Server | ICS-CERT
ProjectWise Web Server