Implement and Manage Engineering Processes Using Secure Design Principles

By Lawrence C. Miller, Peter H. Gregory

It is a natural human tendency to build things without first considering their design or security implications. A network engineer who is building a new network may just start plugging cables into routers and switches without first thinking about the overall design — much less any security considerations. Similarly, a software engineer assigned to write a new program is apt to just begin coding without planning the program’s design.

If you observe the outside world and the consumer products that are available, sometimes you see egregious usability and security flaws that make you wonder how the person or organization was ever allowed to participate in its design and development.

Security professionals need to help organizations understand that security-by-design principles are a vital component of the development of any system.

The engineering processes that require the inclusion of secure design principles include these:

  • Concept development. From the idea stage, security considerations are vital to the success of any new IT engineering endeavor. Every project and product starts with something — a whiteboard session, sketches on cocktail napkins or pizza boxes, or a conference call. However the project starts, someone should ask how vital data, functions, and components will be protected in this new thing. We’re not looking for detailed answers, but just enough confidence to know we aren’t the latest flock of sheep rushing towards the nearest cliff.
  • Requirements. Before actual design begins, one or more persons will define the requirements for the new system or feature. Often, there are several categories of requirements. Security, privacy, and regulatory requirements often need to be included.
  • Design. After all requirements have been established and agreed upon, formal design of the system or component can begin. Design must incorporate all requirements established in the preceding step.
  • Development. Depending on what is being built, development may take many forms, including creating
    • System and device configurations
    • Data center equipment racking diagrams
    • Data flows for management and monitoring systems
  • Testing. Individual components and the entire system are tested to confirm that each and every requirement developed earlier has been achieved. Generally, someone other than the builder/developer should perform testing.
  • Implementation. When the system or component is placed into service, security considerations help ensure that doing so does not place the new system or component, or related things, at risk. Implementation activities include
    • Configuring and cabling network devices
    • Installing and configuring operating systems or subsystems, such as database management systems, web servers, or applications
    • Constructing physical facilities, work areas, or data centers
  • Maintenance and support. After the system or facility is placed into service, all subsequent changes need to undergo similar engineering steps to ensure that new or changing security risks are quickly mitigated.
  • Decommissioning. When a system or facility reaches the end of its service life, it must be decommissioned without placing data, other systems, or personnel at risk.