
5 BASIC STEPS FOR SECURITY ENGINEERING & RISK ANALYSIS


Good security engineering requires a “Risk Analysis State of Mind”

Risk Analysis State of Mind

What exactly do we mean by “Risk Analysis State of Mind”? We mean following the basic (and overly simplified) list below.

Security engineering & risk analysis in 5 simplified steps:

  1. Defining a policy: What we want to achieve.
  2. Defining procedures: How we are going to reach our goal and what are our guidelines.
  3. Having a solution / mechanisms in place: The ciphers, access controls, authentication methods, tamper-resistance controls and other security controls that you bring together in order to implement the needed secure solution.
  4. Enforcement: The effort we put into verifying that our policy is upheld and that our security controls are in place and effective, so that we achieve our goal: security.
  5. Reevaluation: We like to call it the “Feedback Loop”. An organization needs to check itself frequently, in order to verify that the building blocks above are still relevant and intact, given that cyberspace, technology and the threats the organization faces are ever evolving and changing.

Additional Resources relating to security engineering & risk analysis:

PwC’s Practical Guide for Risk Assessment

Generate Internal Risk Analysis Reports
