Architecture and Design Security Reviews

Process: build a security review process and integrate security review into the SDLC

  • People: security team and product team security champions

  • Process: review workflow management by PMs, criticality criteria for review, approval process, exceptions

  • Artifact expectations: reviewers, reviewees, design review templates, review questions

  • Create approval gates for development and deployment

Technology: build technical standards and guidelines

  • Coding standards, open source use standards

  • API and application security standards

  • Data classification and privacy standards, cryptography use standards

  • AI use standards

Threat and risk management and tracking

  • Build and track the asset inventory, threat models, and security control lists

  • A risk management framework: severity rating, vulnerability management policy, risk tracking

  • Remediation tracking and monitoring, artifact storage and record keeping
