When you're improving the security of a system, I find it's helpful to think in terms of the techniques you use, the "building codes" you follow, and the overall life cycle approach you use. While there's a lot to know about security engineering, here's the keys that I've found useful working with customers and experts over the years:
Techniques are specific methods for producing a result:
Think of "building codes" as the principles, patterns, and checklists for the structure:
The approach is the methodology you use to orchestrate your efforts:
Key MSDN References
Is there more to know? Of course. But if you need to dramatically improve your results, these are the key techniques we've used with customers to make immediate impact.