Cyber Security by Integrated Design (C-SIDe)
C-SIDe project involves a broad selection of associates in solving cybersecurity problems. Security of software systems has emerged as a critical need in our interconnected society. Companies developing software products look for Security-by-Design approaches accommodating security into their software design process.
- Els de Busser
- NWA Cyber Security
- Institute for Security and Global Affairs (at the Faculty of Governance and Global Affairs)
- Leiden Institute for Advanced Computer Science, the Hague University for Applied Sciences
- National Cyber Security Centre at the Ministry of Justice and Security
Security of software systems has emerged as a critical need in our interconnected society. Too often we hear about security issues found in technologies utilised by millions across the globe, such as failures in functioning, hacks or privacy-related problems. It is not only cheaper but also more sensible to fix these issues during the development time preventing any problems, rather than later, when the system becomes accessible to the users and can cause real damage. Companies developing software products look for Security-by-Design approaches accommodating security into their software design process.
Current Security-by-Design approaches focus on technology-related steps and engage only stakeholders involved in these technical steps. Our insight is that security is not only a technical concept, but it emerges from an interplay of many technical and non-technical factors, for example, how well the users understand what they need to do to keep the system secure, or whether the managers have realistic expectations about how quickly a secure system can be developed.
We aim to develop an integrated approach to Security-by-Design, and a methodology for developing secure systems that will involve a multitude of stakeholders, including experts in psychology, privacy, and governance and risk management. This methodology will allow organisations to have a better view on security of their products and to create exciting and secure technologies. To facilitate adoption of security-by-design, we will also work on identifying opportunities to improve the public cyber security policy aiming to support companies working on secure-by-design products.
We are joining experts from the relevant domains by setting up a cooperation between the Institute for Security and Global Affairs (at the Faculty of Governance and Global Affairs), the Leiden Institute for Advanced Computer Science, the Hague University for Applied Sciences and the National Cyber Security Centre at the Ministry of Justice and Security. Further, we are cooperating with SURF, and the National eHealth Living Lab at the Leiden University Medical Centre. They will be instrumental in helping us develop and test the methodology.
The project has a one-of-a-kind structure in which four PhD candidates and one postdoc researcher will conduct their own research but will also maintain a strong interdisciplinary cooperation. Of the four PhD candidates, two will be focusing on the technological part of the project and two will be working on the topic of private organization and public governance. The four of them will jointly be developing the C-SIDe methodology and this is a unique feature of the project. The postdoc researcher will conduct a study of the key concepts to be used throughout the project, how they relate to each other, develop a common terminology and support the four PhD candidates in their cooperation.