The Cyber-Security-by-Integrated-Design (C-SIDe) project approaches the cybersecurity problem from another angle than that is usual. ‘We take into account that security is not only a technical concept, but it emerges from an interplay of many technical and non-technical factors,’ Olga Gadyatskaya explains. ‘Many companies developing software products already look for security-by-design approaches accommodating security into their software design process. But the current secure software development approaches focus mainly on technology-related steps and engage only participants involved in these technical steps. In our project, we involve a broader selection of stakeholders, and investigate, for example, how well the users understand what they need to do to keep the system secure, or whether managers have realistic expectations about how quickly a secure system can be developed.’

The aim of the C-SIDe project is to create an integrated approach to Security-by-design, and a methodology for developing secure systems that will involve a multitude of stakeholders, including experts in psychology, privacy, and governance and risk management. Gadyatskaya: ‘This methodology will allow organizations to have a better view on security of their products and to create exciting and secure technologies. To facilitate adoption of security-by-design, the project team will also work on identifying opportunities to improve the public policy aiming to support companies working on secure-by-design products.’