Cookies on the security manual

We’d like to use analytics cookies so we can understand how you use the service and make improvements.

View cookies

You’ve accepted analytics cookies. You can change your cookie settings at any time.

Hide cookie message

You’ve rejected analytics cookies. You can change your cookie settings at any time.

Hide cookie message
Skip to main content
  • Manuals and services
  • GitHub

Other manuals

  • Accessibility manual
  • Design manual
  • User research manual
  • Technical manual
  • Architecture manual
  • Cyber and information security manual

Standards and assurance

  • Apply the Service Standard
  • Find and use standards

Working in DfE

  • Design histories
  • Job descriptions

Close this menu

Department for Education cyber and information security manual Department for Education cyber and information security manual

Menu

  • Cyber and information security
  • Secure by Design
Secure by Design
  • Introduction
  • Roles and responsibilities
  • Activities
  • Get support
Back to activities

Alpha activities

An overview of all activities you will need to do across the alpha phase.

Activities to start with

Considering security within the business case (Opens in new tab)

Identifying security resources (Opens in new tab)

Agreeing roles and responsibilities (Opens in new tab)

Working out the project's security risk appetite (Opens in new tab)

Managing third-party product security risks (Opens in new tab)

Ongoing activities that must be carried out throughout the alpha phase:

Tracking Secure by Design progress

Activities to do next

Documenting service assets (Opens in new tab)

Assessing the importance of service assets (Opens in new tab)

Sourcing a threat assessment (Opens in new tab)

Performing threat modelling (Opens in new tab)

Performing a security risk assessment (Opens in new tab)

Agreeing a security controls set for your service (Opens in new tab)

Activities to do later

Responding to and mitigating security risks (Opens in new tab)

Assessing the effectiveness of security controls (Opens in new tab)

Implementing a vulnerability management process (Opens in new tab)

Discovering vulnerabilities (Opens in new tab)

Managing observability (Opens in new tab)

Evaluating the security impact of changes (Opens in new tab)

Retiring service components securely (Opens in new tab)

Previous page : Discovery activities
Next page : Private beta activities

Tell us what you think of this manual

Support links

  • Cookies
  • Accessibility
  • Sitemap
All content is available under the Open Government Licence v3.0, except where otherwise stated
© Crown copyright