How to Build a Secure System and Keep it Secure in the Face of Changing Requirements

As we move towards architectures designed to cope with changing requirements, and eternal services that go live and iterate, how can we manage change in a secure way? How can we possibly build secure systems in this environment?

If you work in a governmental or regulated industry then you’ll already be familiar with the hollow promises of accreditation. That’s commonly the thing left until the end, about the same time as the testing, and gives rise to the concept that security is the team that just says no.

What if it could be different? What if a service could be continually accredited and continually tested against a baseline of security tests, and the team was able to own and manage the risk register?

In this talk, I will talk through how Government is changing its approach to accreditation, to building secure services. We’ll cover things from continuous security testing through to living risk registers, team threat assessments and security embracing the entire service design.

Michael Brunton-Spall

March 19, 2015

Transcript

  1. GDS Michael Brunton-Spall. "FBI Fraud Scheme Zeus Trojan" by FBI. Licensed under Public Domain via Wikimedia Commons - http://commons.wikimedia.org/wiki/File:FBI_Fraud_Scheme_Zeus_Trojan.jpg
  2. As a fraudster, When I submit a fake claim for £1000, A payment for £1000 gets authorised
  3. Choose the right process for you. Apply some basic principles. Dedicate someone to it. Align security and delivery.