Guidance

Digital Services: Managing cyber security risk in a digital service

Created: 25 Sep 2016
Updated: 25 Sep 2016

Manage your security risk by considering security as a factor in every design and implementation choice. Understand the risks you are prepared to take and those which you aren't.

Consider security as a factor in all the decisions you make whilst designing, building and operating the service.

The person making key technology and architecture decisions needs to understand that many of their choices will have security implications. It's important that the person in this key role has good security input for all their decisions. Some choices will inevitably result in risks being taken on. These will need to be tracked and managed. 

During the development of a service there will be points at which it's logical to take stock of the decisions made, and where risks are being carried, to test whether they are manageable. This process is likely to be most helpful when the system design is changing significantly. Involve someone independent and skilled in security architecture design early on - their feedback can help you build confidence in the security competence of the delivery team. 

See our Risk management principles to inform the approach you take to managing risk in your service.
