The Maximus methodology for performing Security-by-Design (SBD) combines models, frameworks and standards, including zero trust security, defence-in-depth, Enterprise Architecture (EA), ISO/IEC 27002, CIS v8 and SP800-series standards.
MXMS SBD™ adopts the zero trust security model and its concepts: define mission outcomes, architect from the inside out, determine who/what needs access to the critical Data/Assets/Applications/Services (DAAS) to create access control policies, and inspect and log all traffic before acting.
While “Defining mission outcomes” in the zero trust concept allows designers of the system to focus on the right places to secure the solution, the rest of the concepts are principle-based and require further elaboration. SBD frames the security concerns through the EA framework of the system, which helps architects, designers, engineers and reviewers understand how an organization's systems and assets are logically structured and connected. There are four architectural layers in an EA framework: business, data, application and technical architectures.
Security Planning Advisory
System Classification Advisory
Threat and Risk Assessment
Tender Security Requirements Analysis and Advisory
Tender Security Specification Evaluation & Advisory
Critical Security Design Review (Architecture Security & Security Controls)
Application Security Testing & Source Code Review
System Security Acceptance Testing
Network Service Penetration Testing
Application Penetration Testing
Cybersecurity Audit
Configuration Management Advisory
Change Management Advisory
Secure Disposal Advisory
If you want to learn more about how we have assisted various organizations in integrating security into their SDLC, feel free to contact us.