17 Aug 2016
Andy Wall shares his thoughts on what good and bad cyber security design looks like.
Business operations, and the technology that supports them, are increasing in complexity. Securing these operations is becoming more difficult, in no small part due to the continuing demand to create more modern, efficient and effective infrastructure.
What we therefore need is better design. Design that is undertaken up front and early in the process. We believe that existing industry approaches only go so far. As an organisation that designs and engineers some of the most complex infrastructure on the planet, we have some views on securing this – the security design challenge.
Technology and security professionals are used to designing technical approaches by using shapes on network maps and schematics - typically detailing many layers, boxes and connections. We adopt a different approach. Although we start with an idea and develop it into a detailed set of requirements, our approach is based on a different form, one which can address diverse levels of analysis, encompass an organisation's strategy and objectives, and focus on the people, process and technology required to realise those objectives.
A fundamental aspect of this approach is our belief that security is probably misunderstood in many organisations. To us it is a process and not a product. It should exist to protect assets of value, meaning that it is a relative concept: it has no intrinsic meaning outside the asset view. As an asset changes, so does the security around it, based on organisational risk approaches.
If security design is so important, what can hinder it? In our experience the key elements are:
So what does ‘good’ look like? Security needs to be built in at every stage of engineering design and fully aligned to business requirements. It is therefore about:
This approach provides traceability from the business to the security requirements so that security controls exist to serve a specific business purpose.
Design, though, is not a one-off activity. We can’t pat ourselves on the back and walk away happy once it’s delivered. Technology evolves, threats adapt and business needs change. Our designs need to evolve with this, and security needs to be lived and operated – it should be the oil in the cogs of your machine.