Next Gen SAAS Tools That Boots Your Marketing and Sales!

How to Implement and Manage Engineering Processes using Secure Design Principles


When managing projects or processes, you need to use proven principles to ensure you end up with a functional solution that meets or exceed the requirements, stays within the budget, and does not introduce unnecessary risk to the organization. The following are the high-level phases of a project:

  • Idea or concept. You might want to create an app or a new web site, or deploy a new on-premises virtualized infrastructure. At this stage, the priority is to stay at a high level, without details. You need to document what the idea or concept will amount to. For example, you want to develop an app that will enable customers to schedule appointments, manage their accounts and pay their bills.


  • Requirements. It is important to document all the requirements from the various business units and stakeholders. Establish both functional requirements (for example, the app will enable users to pay bills by taking a picture of their credit card) and non-functional requirements (for example, the app must be PCI DSS compliant).


  • Design. Next, establish a design to meet the requirements. A design cannot be completed without all requirements. For example, to know how robust an infrastructure to design, you need to know how many users need to use the system simultaneously. Part of the design phase must be focused around security. For example, you must account for the principle of least privilege, fail-safe defaults and segregation of duties.


  • Develop and implement in a non-production environment. In this phase, you create and deploy hardware, software and code as applicable for your project into a non-production environment (typically a development environment).


  • Initial testing. Teams test the non-production implementation. The goal is to find and eliminate major bugs, missing functionality and other issues. It is common to go back to the previous phase to make necessary changes. Occasionally, you might have to even go back to the design phase.


  • Implementation. Once all requirements have been met and the team is satisfied, you can move to a quality assurance (QA) environment. There, you’ll repeat the “develop and implement” phase and the testing phase. Then you will move the app or service to the production environment.


  • Support. After you implement your solution, you must operationalize it. Support teams and escalation paths should have been identified as part of the design.
    There are many other phases, such as user training, communication and compliance testing. Remember that skipping any of these steps reduces the chances of having a successful and secure solution.

Leave a Reply

Your email address will not be published. Required fields are marked *

error: Content is protected !!