Guidance

Digital service security

Created:  25 Sep 2016
Updated:  07 Oct 2016
Cyber Security Consultancy
Designing, building and operating digital services to deter cyber attack.

We use digital services to manage just about every aspect of our lives. Online shopping and banking are obvious examples, but we're also talking about important public services like applying for a passport or filing a tax return. 

Convenient digital services are now expected and relied upon by millions of end users. But there is a hidden cost. Because these virtual services provide access to things of very real value, they have become a prime target for cyber attack.

When a digital service is successfully compromised, the fallout can be damaging, expensive and embarrassing for the organisation involved and potentially catastrophic for the individuals whose data has been lost.

However, in many cases, the worst outcomes can be avoided if services are designed, built and operated well. The majority of breaches occur because one or more of these aspects has been neglected.

This collection is intended to give you a high-level tour of the approaches we recommend at each stage of a service’s lifecycle. Using these principles will make your service a ‘hard target’ for would-be attackers.

5 Aspects of Digital Service Security

  1. Digital Services: Understanding your service

    Understand your service and the data you need to operate it. Take an end-to-end view of your service when protecting it - make sure you include the users, their devices and your suppliers.

  2. Digital Services: Managing cyber security risk in a digital service

    Manage your security risk by considering security as a factor in every design and implementation choice. Understand the risks you are prepared to take and those which you aren't.

  3. Digital Services: Designing a secure digital service

    Design your digital services to be difficult to compromise and disrupt. Limit the impact of a compromise and make it easy to detect a successful attack.

  4. Digital Services: Building a secure digital service

    Build out your service using best practice configuration guidance. Protect the integrity of your source code and other artefacts from day one right through to deployment. Test that you've secured it properly.

  5. Digital Services: Operating a secure digital service

    Operate your service well by continually improving and testing it, by patching or mitigating security issues in components, and by monitoring for attacks or unusual behaviour.
