Security Design

It is well known that the cost of making significant changes to systems increases disproportionately during the development process: late changes can be very expensive indeed. Perhaps less obviously, the effectiveness of those changes decreases during the lifecycle: late changes are more constrained by the rest of the system (imagine trying to change the width of a bridge after the bridge piers have been built!). The same is true of information security controls. Generally speaking, the most cost-effective and efficient information security controls are designed into the systems architecture from scratch rather than being added later. A solid, comprehensive and well-documented system security design provides an ideal basis on which to develop and test the security controls.

Working in conjunction with project staff and management on a major development project, our consultants apply their governance expertise to help:

  • Analyse the information security risks relating to the system and its operational environment, identifying key risks that would justify specific controls to supplement baseline/general controls
  • Specify the specific information security control objectives in functional terms (e.g. “The system must never fail during core business hours, and should normally be available round-the-clock on weekdays.”).
  • Specify the corresponding system, procedural, management and physical controls in technical terms (e.g. “On-line incremental backups will be required during the week, with off-line full backups at weekends.”).
  • Document the complete set of risks, control objectives and controls as a coherent information security design, with appropriate references to standards such as ISO/IEC 27002, COBIT and ISO 20000 (ITIL). 
  • Ratify the design by looking for any missing control objectives (sometimes entire classes of controls are innocently forgotten!) and reviewing the controls against the control objectives, identifying, in conjunction with IT and business people, assumptions, flawed logic and gaps.

Our consultants’ wide experience of information security helps us suggest suitable controls, and can identify situations where proposed controls fall short of the requirements. Call ChoiceIT to help design effective information security controls that will minimise the risks to your business.


Warning: include(footer.php) [function.include]: failed to open stream: No such file or directory in /var/www/sites/www.choiceit.ro/services/security_design.php on line 27

Warning: include() [function.include]: Failed opening 'footer.php' for inclusion (include_path='.:/usr/share/pear:/usr/share/php') in /var/www/sites/www.choiceit.ro/services/security_design.php on line 27