Serviceteam IT Security News

Before you can design a secure digital service it’s important to understand a few things first:

  • Understand the purpose of your service and the data you will need to operate it
    You must decide what portion of your expected data holdings you need to protect, and to what extent. Work with the risk owner for your service to determine which losses and impacts are acceptable and which are not. 
     
  • Understand the role your suppliers play in securing your service
    The suppliers you use to help build and operate your service play a vital role in helping to keep it secure. Being clear about your intentions and requirements for security in your contracts with suppliers is important, but being over-prescriptive can lead to adversarial behaviour. 

    It’s better to build a shared risk proposition with suppliers so they are invested in doing the right thing, rather than just fulfilling a contractual obligation.
     

  • Take an end-to-end view of your service rather than focusing on part of it
    You should understand how user interactions with your service translate to messages or interactions within it. Take account of every possible point at which data could be stored, processed and rendered. There are a number of areas which are regularly overlooked, such as the end user devices used to access your service. 
     
  • Ensure the governance arrangements for your system are clear. Everyone involved in securing the system needs to understand their responsibilities
    Good governance implies effective control over the security of the service and of the data held. Where trades need to be made between security, usability and cost, it’s important to makes those trades with an awareness of all potential implications. 

    When it comes to responsibilities for security, ensure that the right people are empowered to protect the service and accept that this could mean giving relatively junior people the ability to degrade the service in response to external events – without reference to senior management.

More information on these points is included here.

Source: NCSC

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!