top of page

Security Engineering Steps in the Security-by-Design Process

In security architecture, engineers play a crucial part in the security-by-design process. In most cases, security engineers are assigned to technical projects and assist in executing or building the security controls into the solution. Security engineers work closely with their security architect counterparts usually together during the design process or when the security design blueprint is complete. Security architects set the vision for solution and security engineers figure out how to put it into practice.

The engineering design process is a series of steps that engineers follow to execute or build a solution to solve a problem. Engineers do not always follow the engineering design process steps in order, one after another.

1. Define the Problem

The engineering design process starts when you ask the following questions about problems that you observe:

  • What is the problem or need?

  • Who has the problem or need?

  • Why is it important to solve?

2. Do Background Research

Learn from the experiences of others — this can help you find out about solutions to similar problems, and avoid mistakes that were made in the past. So, for an engineering design project, do background research in two major areas:

  • Users or customers

  • Existing solutions

3. Specify Requirements

Design requirements state the important characteristics that your solution must meet to succeed. One of the best ways to identify the design requirements for your solution is to analyze the concrete example of a similar, existing product, noting each of its key features.

4. Brainstorm Solutions

There are always many good possibilities for solving design problems. If you focus on just one before looking at the alternatives, it is almost certain that you are overlooking a better solution. Good designers try to generate as many possible solutions as they can.

5. Choose the Best Solution

Look at whether each possible solution meets your design requirements. Some solutions probably meet more requirements than others. Reject solutions that do not meet the requirements.

6. Develop the Solution

Development involves the refinement and improvement of a solution, and it continues throughout the design process, often even after a product ships to customers or stakeholders.

7. Build a Prototype

A prototype is an operating version of a solution. Often it is made with different materials than the final version, and generally, it is not as polished. Prototypes are a key step in the development of a final solution, allowing the designer to test how the solution will work.

8. Test and Redesign

The design process involves multiple iterations and redesigns of your final solution. You will likely test your solution, find new problems, make changes, and test new solutions before settling on a final design.

9. Communicate Results

To complete your project, communicate your results to the security architect and or project stakeholders. Professional engineers always do the same, thoroughly documenting their solutions so that they can be recorded and supported.

In summary, security engineers play a critical role in implementing security controls in technical projects, working closely with security architects. The engineering design process guides the systematic development of security solutions, starting with problem definition and culminating in effective communication of the results.


bottom of page