Security is everyone’s responsibility
Last updated: 13 July 2023
All members of the team, not just technical people, should collaborate to consider the security of the application or service they are delivering. Everyone should understand how their own behaviours affect the security of the Home Office.
Rationale
Engaging with wider security communities, and integrating security thinking throughout the software delivery lifecycle, shortens feedback loops in teams. This allows for more efficient redress when concerns are identified. Teams that are collectively conscious of security, and embed security people when necessary, are more effective at implementing appropriate threat reduction measures.
An understanding of the security aspects of team and personal behaviours - beyond core engineering activities - deepens the Home Office defence against the wide range of attacks threat actors are prepared to use.
Applications and Implications
- Use and implement Multi-Factor Authentication (MFA) wherever proportionate
- Put your security ‘hat’ on - think like an attacker to assess security
- Seek out continuous professional development and attend relevant training on security
- Keep the whole team involved in discussions on security - all disciplines can have a positive impact on how security is embedded in your services
- Practise sensible personal operational security to mitigate attacks on Home Office personnel, for example social engineering attacks
- Collaborate with Home Office cyber security teams, and other delivery teams, to understand available security capabilities and share things that might be reused