Security by design

In association with TechUK, (ISC)2, EEF – the Manufacturers’ Organisation, and the Trustworthy Software Foundation.

If we were to ask a student or engineer what secure by design means, and how do they do it, what would they say?

Perhaps it depends on who you ask. On the face of it there is plenty of advice and guidance available. Perhaps the problem is therefore one of adoption. This research aims to review the guidance that exists, but then focus on why adoption is a problem in training, education and businesses. Is it that the advice and guidance is too complex to be adopted, reproduced and habituated
easily. Is it simply too expensive to adopt?

A number of questions are within scope of this research:

• What are the barriers to adoption to security by design? • What can be done to reduce the barriers? • Who needs to take the lead? • How do we account for international supply chains? • What measures and quick wins can be adopted with little cost?
• How is the problem viewed from different perspectives in businesses, ethics, education and social contexts. • How can security by design practice be adopted in systems with emergent properties? This research follows on from IAAC’s recent work on smartliving IoT. The first workshop in the series will seek to scope the programme. Date of the final London workshop is:

5 Dec 2017 10am – 1pm

If you would like to discuss anything in this proposal or offer support, please get in touch with Nigel Jones CEO IAAC – ceo@iaac.org.uk.  Any suggestions for developing this work are welcome.