What is design review and how will it help in uncovering security vulnerabilities in security architecture?
Design review is a deliverable within a system development process whereby a design of the system is evaluated against established metrics and its business requirements. Besides, it may identify inherent problems in the current design before implementing it in production environment. In regards to cybersecurity, design review assesses information systems proposed design from a security perspective and based on security threats and risks that may occur at the design level of the system. In design review process, stakeholders evaluate the design of the information system (IS) under consideration and participants provide candid feedback after the designers present their actual design.
The purpose of a design review of services and solutions is to ensure each is fit for purpose, to identify risks, to measure if the solutions meet the business requirements and finally to identify possible security controls to manage the risks. A major consideration in design review is the scope of the reviewing process and actually conducting the reviewing task. When reviewing design of information systems, risk appetite or tolerance, business objectives, security objectives and potential constraints should be taken into consideration.