Security by design revisited 2nd workshop

by The Information Assurance Advisory Council

Event Information

Share this event

Date and Time

Thu 12 October 2017

10:00 – 13:00 BST

Add to Calendar

Location

The Charing Cross Hotel

The Strand

London

WC2N 5HX

United Kingdom

View Map View Map

Event description

Description

The 2nd workshop in a series of three.

Security by design revisited

Reflection on Workshop 1 and preparation for Workshop 2 on 12 October 2017

Workshop 1 was held on 4th July and was followed by a number of separate individual discussions. These confirmed that there is plenty of advice from numerous sources on how security might be built into product and services, though there is a deficit when thinking about systems of systems. It was decided to proceed with examining the barriers and enablers of adoption of best practice, as the focus for this research. Three key points emerged from the discussion:

Firstly, there is a cultural issue that needs to be examined. This should think about people’s expectations and behaviours around the procurement, purchasing, design, development and whole life management of software and systems.

Secondly, one group came up with the notion of ‘Build well, Operate well’, that might have traction with a wider community than just the specialist security professional. This seemed to resonate in the workshop as a simple statement that captured the essence of an end-state of ethical good practice, producing better systems and services.

Thirdly, there was the concept of ‘paying for the confidence that we can trust technology’. This pointed to the broad economic arguments that shape the two points above.

It is proposed that more time is spent examining the relationships between culture, economics and other factors, in trying to aim to build well and operate well. To do this, the third workshop will be facilitated by Lorraine Dodd from Cranfield university and use elements of soft systems methodology. By building up a picture of these relationships, it is anticipated that a more targeted set of interventions might be envisaged that aim to address the adoption problem. Furthermore, it is proposed that future workshops should include people who are not security specialists, so that the relationships involved can be discussed from multiple perspectives.

Dates for the final London workshops is 1000-1300, 5 Dec 2017

Further information and to register to your attendance.

If you would like to discuss anything in this proposal or offer support, please get in touch with Nigel Jones CEO IAAC - ceo@iaac.org.uk. . Any suggestions for developing this work are welcome.