Cookies on the security manual

We’d like to use analytics cookies so we can understand how you use the service and make improvements.

View cookies

You’ve accepted analytics cookies. You can change your cookie settings at any time.

Hide cookie message

You’ve rejected analytics cookies. You can change your cookie settings at any time.

Hide cookie message
Skip to main content
  • Manuals and services
  • GitHub

Other manuals

  • Accessibility manual
  • Design manual
  • User research manual
  • Technical manual
  • Architecture manual
  • Cyber and information security manual

Standards and assurance

  • Apply the Service Standard
  • Find and use standards

Working in DfE

  • Design histories
  • Job descriptions

Close this menu

Department for Education cyber and information security manual Department for Education cyber and information security manual

Menu

  • Cyber and information security
  • Secure by Design
Secure by Design
  • Introduction
  • Roles and responsibilities
  • Activities
  • Get support
Back to activities

Discovery activities

An overview of all activities you will need to do across the discovery phase.

Activities to start with

Considering security within the business case (Opens in new tab)

Identifying security resources (Opens in new tab)

Agreeing roles and responsibilities (Opens in new tab)

Ongoing activities that must be carried out throughout the discovery phase:

Tracking Secure by Design progress

Activities to do next

Working out the project's security risk appetite (Opens in new tab)

Managing third-party product security risks (Opens in new tab)

Understanding cyber security obligations (Opens in new tab)

Understanding business objectives and user needs (Opens in new tab)

Activities to do later

Documenting service assets (Opens in new tab)

Assessing the importance of service assets (Opens in new tab)

Sourcing a threat assessment (Opens in new tab)

Next page : Alpha activities

Tell us what you think of this manual

Support links

  • Cookies
  • Accessibility
  • Sitemap
All content is available under the Open Government Licence v3.0, except where otherwise stated
© Crown copyright