Understand the risks to your service
When you build, maintain or change your service, you must have a clear understanding of any associated risks because they will impact your service design and affect your users.
You should work with MHCLG Cyber Security team to design appropriate solutions for your service’s risks.
The Service Manual has some recommendations which can reduce risk to your service, for example, how to:
- protect against fraud when you design and manage your service
- secure your information if you handle ‘official’ classified data
The government security hub security.gov.uk provides links to the policies and standards that we have to follow.
Model security threats
Modelling threats can help you gain a clearer understanding of threats against your service. You can use Attack Tree development workshops to model threats. Any workshops you run should cover all potential attack vectors.
MHCLG Cyber Security Team can help you carry out threat modelling, to help you:
- Understand threats that are unique to your service, helping you to adopt security conscious behaviours during its design, development and operation
- Focus mitigation efforts on the threats that matter – that is, threats that pose the greatest risk to the normal operation of your service
- Ensure the right security controls are in place to match the threats your service faces
- Adopt secure by design approach to your service throughout the service’s lifecycle
The team can also advise you on how threat model efficiently, should you decide to carry it out yourself or through a third party.
You will find more information on our security approaches in Discover IT.
Further Reading
The National Cyber Security Centre (NCSC) provides guidance about cyber security. The Service Manual has advice about securing your information and securing your cloud environment.