Even if you are not an engineer, NIST 800-160 Volume 1 could help you in your work to understand security by design. It shows what you need to secure your information system. In the other blogs in this series, we’ve summarized the major points of the document. In the final installment, we’ll take a look at the Technical Processes in Chapter 3.
These processes round out the security-by-design thinking found in NIST 800-160 Volume 1. Given the total number of technical processes, these summaries of security design principles are very brief. Referring back to the source special publication is recommended.
Technical Processes for Security by Design
Business or Mission Analysis: This process helps find the scope, basis and drivers of the business or mission as they relate to security. By the end of this process you should have defined and characterized security aspects of solutions and problems. It will help you consider different solutions and enable systems or services to achieve the security aspects of business or mission analysis.
Stakeholder Needs and Requirements Definition: This process helps define security needs that include protection capability, security characters and security-driven constraints needed by users and stakeholders. At the end of this process, you should have identified and addressed the security interests and concerns of all stakeholders throughout the system life cycle. You will have defined stakeholder protection needs, including constraints on the system. Stakeholder agreements will be in place, as ..