Skip to main content

The GDS Way and its content is intended for internal use by the GDS and CO CDIO communities.

Understand the risks to your service

When you build, maintain or change your service, you must have a clear understanding of any associated risks because they will impact your service design and affect your users.

You should work with GDS Information Assurance (IA) to design appropriate solutions for your service’s risks. IA may need to obtain risk acceptance from your Senior Information Risk Owner (SIRO) in some cases, such as your service needing offshoring approval.

The Service Manual has some recommendations which can reduce risk to your service, for example, how to:

Model security threats

Modelling threats can help you gain a clearer understanding of threats against your service. GDS uses Attack Tree development workshops to model threats. Any workshops you run should cover all potential attack vectors.

The CDIO Security Pillar can provide guidance and help run an Attack Tree workshop.

Further Reading

The National Cyber Security Centre (NCSC) provides guidance about cyber security. The Service Manual has advice about securing your information and securing your cloud environment.

This page was last reviewed on 16 November 2021. It needs to be reviewed again on 16 May 2022 by the page owner #gds-way .
This page was set to be reviewed before 16 May 2022 by the page owner #gds-way. This might mean the content is out of date.