Security and privacy by design
Prevention is better than cure. The cause of many security incidents is that insufficient consideration was given to security and privacy during the design phase of a product. Functionality comes first, followed by technical requirements that often focus on matters such as scalability and availability. A design review ensures that security and privacy are included in the functional and technical requirements of an infrastructure, application and/or device. Security and privacy by design are a legal requirement. That means that software that has been designed from scratch needs to be secure and has to guarantee privacy. In a time of rapid technological developments, a constantly changing market and changing laws and regulations, a design review is an important tool to realise security and privacy by design.
Our approach
During a design review, Qbit tests the design of a product, for example a network design or the design of a new application or smart device, against a number of design criteria or security principles. Some of these were already described in the early 1970s. Examples of these criteria are isolation, safe defaults, segregation of duties and diversity. Qbit translates the criteria into security functions and measures that are context-specific for the product, and tests the design against them. Context-specific means specific to the risks of the organisation and the product. Consider measures like two-factor authentication, message authentication or code signing.
In a concise report, Qbit gives concrete advice on possible security measures that can be implemented or improved. A design review leads to consistent, coherent and future-proof security measures for the product that contribute optimally to the objectives of your organisation.
Benefits of a design review by Qbit:
- Contributes to security and privacy by design.
- Overview of consistent, coherent and future-proof security measures.
- Practical and feasible recommendations.