Secure Design

Skill definition

Secure design is the ability to apply Cyber Security functions or designs to reduce high-level to low-level service exploitation opportunities. Secure design includes designing countermeasures and mitigations against potential exploitations of service weaknesses for applications, systems, hardware and/or services.

Awareness

Understands a number of secure design principles, frameworks and standards for designing a digital service

Supports the definition of secure design requirements based on business drivers and attributes

Is aware of several methods of design such as agile delivery

Is familiar with hardware and software languages that can be used on a digital service

Is aware of security audit frameworks for digital services

Working

Produces high-level design and develops processes for maintaining the security of a service through its full life cycle

Understands and can define secure design principles, frameworks and standards for designing a digital service

Explains processes that maintain the required level of security of a component, product, or system through its life cycle

Applies secure code/hardware documentation

Confers with stakeholders such as engineers and programmers to design high-level applications/services

Scopes security audits in accordance with a digital service framework

Practitioner

Leads and creates documentation of a digital service and subsequent revisions, inserting comments in the coded instructions so it can be understood by others, including engineers

Leads the preparation of detailed workflow and diagrams that describe input, output and logical operation of a digital service

Produces low-level design and develops processes for maintaining the security of a service through its full life cycle

Leads and translates security requirements into application design elements including documenting specific security criteria

Creates audit points in the software development life cycle process by designing audit compliance

Expert

Champions secure design principles, frameworks and standards for a digital service or programme

Sponsors and directs the design of detailed low-level workflows and diagrams that describe the input, output and logical operation of a digital service. Designs and develops the processes of a digital service through its full life cycle

Leads and translates security requirements into application design elements including documenting specific security criteria

Designs advanced audit points into digital services
