Prevention is better than cure. The cause of the many security incidents is explained by the lack of consideration of security during the design phase of a product. Functionality is leading. Followed by technical requirements, usually aimed at matters such as scalability and availability. A design review ensures that security and privacy are included in the functional and technical requirements of an IT-infrastructure and/or (web) application.
“The product has been designed from the ground up to be secure and safeguard privacy”
Security and privacy by design are legal requirements. It means that software has been designed from the ground up to be secure and safeguard privacy. In a time of rapid technological developments, constantly moving markets and changing laws and regulations, a design review is an important tool for security and privacy by design.
With a design review, ITsec examines the design of a product, such as a network design or the design of a new application, with several design criteria or security principles in mind. Some of these have already been described in the early seventies of the last century. Examples of these criteria include isolation, safe defaults, segregation of duties and diversity. ITsec translates the criteria into context specific security features and measures to which the design is tested. Context specific means, specific considering the risks of the organization and the product. For measures, consider two-factor authentication with a token, message authentication codes or code signing.
ITsec delivers a concise report with concrete recommendations for security measures to implement or improve. A design review leads to consistent, coherent and future-proof security measures for the product that will make an optimal contribution to the objectives of your organization.