Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. Secure Design

Secure Design

Skill definition

Secure design is the ability to apply Cyber Security functions or designs to reduce high-level to low-level service exploitation opportunities. Secure design includes designing countermeasures and mitigations against potential exploitations of service weaknesses for applications, systems, hardware and/or services.

Awareness

  • Understands a number of secure design principles, frameworks and standards for designing a digital service
  • Supports the definition of secure design requirements based on business drivers and attributes
  • Is aware of several methods of design such as agile delivery
  • Is familiar with hardware and software languages that can be used on a digital service
  • Is aware of security audit frameworks for digital services

Working

  • Produces high-level design and develops processes for maintaining the security of a service through its full life cycle
  • Understands and can define secure design principles, frameworks and standards for designing a digital service
  • Explains processes that maintain the required level of security of a component, product, or system through its life cycle
  • Applies secure code/hardware documentation
  • Confers with stakeholders such as engineers and programmers to design high-level applications/services
  • Scopes security audits in accordance with a digital service framework

Practitioner

  • Leads and creates documentation of a digital service and subsequent revisions, inserting comments in the coded instructions so it can be understood by others, including engineers
  • Leads the preparation of detailed workflow and diagrams that describe input, output and logical operation of a digital service
  • Produces low-level design and develops processes for maintaining the security of a service through its full life cycle
  • Leads and translates security requirements into application design elements including documenting specific security criteria
  • Creates audit points in the software development life cycle process by designing audit compliance

Expert

  • Champions secure design principles, frameworks and standards for a digital service or programme
  • Sponsors and directs design of detailed low-level workflows, diagrams that describe input, output and logical operation of a digital service. Designs and develops the processes of a digital service through its full life cycle
  • Leads and translates security requirements into application design elements including documenting specific security criteria
  • Designs advanced audit points into digital services

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now