Secure System Development provides cyber information security services to national solutions, through development phases of projects and programmes. This includes proposing secure solutions and mitigations to reduce risk.
How it works
Working within a project/solution delivery team, we provide first line security support, defining and documenting the security requirements to gain assurance of national solutions.
Influencing security considerations early in the design, ensuring consistency is applied and security remains an integral part of the development through effective Secure by Design.
Benefits
- Early assessment and identification of security risk associated with development allowing mitigations as part of Secure by Design.
- Reduced cost by implanting appropriate security controls early in the design and build phases, reducing need for costly additions later in the lifecycle.
- Reduced risk posture by application of proportionate controls.
- Enabling and supporting key cyber incident and resilience strategies. For example, the National Policing Cyber Security Strategy.
- Regulatory compliance with national and policing standards.
- Flexible support model to meet changing organisational needs.
 |
 |
Learn more about member benefits on our dedicated Members page.
What we need
- Solution requirements.
- Breakdown of the information assets intended to be processed within the solution.
- Collaboration with other subject matter experts and relevant stakeholders.
- Agreement on scope and timelines.
What you get
- Early assessment of security risk for design and implementation.
- Creation of Security artifacts required to mitigate security risks, enabling National Assurance.
- Identification and application of effective and efficient security controls that are proportional to the risk.
- Development in line with Secure by Design.
- ITHC and Pen test scoping, with supported remediation plan creation, aligned to risk reporting.
- Expert guidance across all security domains.
- Recommendations for risk mitigation and control improvements.
- Structured handover of security artifacts created as part of delivery to enable effective security management in live running.
Use case
Policing identified a need for a national platform in Microsoft Azure. The National Police Capabilities Environment (NPCE) concept was developed to meet that requirement.
Secure System Development, implemented the Secure by Design process (working closely with other subject matter experts in the Police Digital Service). This defined and documented the security requirements to mitigate identified risks.
Products including guidance documents and risk assessments were provided to the National Cyber, Assurance and Standards Team to evidence effective risk mitigation and management. This enabled national assurance to be gained and risk exposure to be minimised.
