LogoLogo
Give FeedbackGovStack Home
25Q2
25Q2
  • GovStack
  • Contributing
  • Architecture and Nonfunctional Requirements
    • 2 Introduction
    • 3 GovStack Architecture
    • 4 Building Block Design Principles and Considerations
    • 5 Cross-Cutting Requirements
    • 6 Onboarding Products
    • 7 Standards
    • 8 UX Switching and Handover
    • 9 Other Resources
  • Security Requirements
    • 2 Description
    • 3 Terminology
    • 4 Security Management
    • 5 Cross-Cutting Requirements
    • 6 Standards
    • 7 Authorization Services
    • 8 Additional Security Modules
    • 9 Other Resources
  • GovStack UI/UX Guidelines
    • 1 Version History
    • 2 Description
    • 3 Service design good practice guidelines
      • 3.1 User-centred design
        • 3.1.1.1 Understand needs and requirements
        • 3.1.1.2 Involve others in the design process
        • 3.1.2.1 Test with users
        • 3.1.3.1 Share findings
        • 3.1.3.2 Monitor performance
          • 3.1.3.3 Set up analytics
      • 3.2 Accessibility and inclusion
        • 3.2.1.1 Test for accessibility
        • 3.2.2.1 Involve a diverse user group in the design
        • 3.2.2.2 Support multiple languages
        • 3.2.2.3 Foster a culture of inclusion
      • 3.3 Consistency
        • 3.3.1.1 Use simple language
        • 3.3.2.1 Implement a consistent style guide
        • 3.3.2.2 Use design patterns
        • 3.3.2.3 Use a frontend framework
        • 3.3.3.1 Interoperability
        • 3.3.3.2 Use integrations
        • 3.3.4.1 Work in the open
      • 3.4 Technology choices
        • 3.4.1.1 Choose the right level of security
        • 3.4.1.2 Design for privacy
        • 3.4.2.1 Optimise load times
        • 3.4.2.2 Account for connectivity issues
        • 3.4.3.1 Test across platforms
        • 3.4.3.2 Design cross-channel
    • 4 Design patterns
      • 4.1 Service patterns
      • 4.2 User flows
        • 4.2.1 Register
        • 4.2.2 Authenticate
        • 4.2.3 Asking users for feedback
        • 4.2.4 Find a service
        • 4.2.5 Check a users eligibility
        • 4.2.6 Make an application
      • 4.3 Page templates
        • 4.3.1 Feedback
        • 4.3.2 Perception survey
        • 4.3.3 Satisfaction
        • 4.3.4 Before you start
        • 4.3.5 Service sheet
        • 4.3.6 Asking users for consent
        • 4.3.7 Task list
        • 4.3.8 Asking users for information
        • 4.3.9 Check answers
        • 4.3.10 Outcome
    • 5 Use-case examples
    • 6 References
    • 7 Other Resources
  • Building Blocks
    • About Building Blocks
    • Cloud Infrastructure
    • Consent
    • Digital Registries
    • E-Marketplace
    • E-Signature
    • Geographic Information System (GIS)
    • Identity
    • Information Mediation
    • Messaging
    • Payments
    • Registration
    • Scheduler
    • Workflow
    • Wallet
  • Use Cases
    • Reference Use Cases
  • Public Administration Ecosystem Reference Architecture (PAERA)
    • PAERA
  • Tools
    • Sandbox
  • Release Notes
    • 23Q4
Powered by GitBook

Apache-2.0 license

On this page

Was this helpful?

Export as PDF
  1. GovStack UI/UX Guidelines
  2. 3 Service design good practice guidelines
  3. 3.4 Technology choices

3.4.1.1 Choose the right level of security

Was this helpful?

Choose proportionate security to control and monitor your technology programme. Security should protect your information technology and digital services, and enable users to access the data they need for their work. GovStack offers specific .

Steps

  1. Evaluate the sensitivity of the data you're handling.

  2. Based on the evaluation, choose appropriate encryption methods and robust user authentication systems. Use the Series as a guide:

    • Authentication Cheat Sheet: This provides guidance on implementing secure authentication systems, which is a fundamental aspect of security.

    • Session Management Cheat Sheet: This covers the best practices for handling user sessions securely.

    • Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet: CSRF is a common web application vulnerability that your users should be aware of.

    • Cross-Site Scripting (XSS) Prevention Cheat Sheet: XSS is another common vulnerability, and this cheat sheet provides guidance on how to prevent it.

    • Transport Layer Protection Cheat Sheet: This covers how to use SSL/TLS, which is vital for encrypting data in transit.

    • Input Validation Cheat Sheet: Input validation is an essential measure for preventing many types of attacks.

    • SQL Injection Prevention Cheat Sheet: SQL Injection is a common and dangerous vulnerability, and this cheat sheet provides guidance on how to prevent it.

    • HTML5 Security Cheat Sheet: If your users are using HTML5, this cheat sheet covers many of the new security considerations that come with it.

  3. Implement the security measures in your system.

  4. Test and adjust the security measures to ensure they provide the needed protection without overly impeding usability.

guidance for designing a secure system
OWASP Cheat Sheet