Security Engineering Principles
Updated over 3 years ago

This requirement is specific to ISO 27001. It supports Annex A control A.14.2.5 (Secure system engineering principles) of ISO/IEC 27001:2013.

Secure engineering is how you apply security while building or changing your software and IT systems. An example of a security engineering principle is "Assure information protection in processing, transit, and storage." Principles of this kind apply to every phase of a development project and to every architectural layer of the final product (business, data, applications, and technology). Taking the example principle, here is how it could be applied at each layer during development.

  • business layer – e.g., access to personal data is restricted to specific users, based on their authentication level and business role

  • data layer – e.g., database maintenance activities are only performed through authenticated sessions using strong, dedicated database credentials

  • applications – e.g., the application encrypts data on export and import so it is protected while in transit and at rest

  • technology – e.g., only vetted open-source software and current hardware and network infrastructure from selected, approved vendors are used
