Security Techniques, Building Codes, and Approach

When you're improving the security of a system, I find it's helpful to think in terms of the techniques you use, the "building codes" you follow, and the overall life cycle approach you use.  While there's a lot to know about security engineering, here's the keys that I've found useful working with customers and experts over the years:

Key Techniques
Techniques are specific methods for producing a result:

• Threat Modeling
• Security Design Inspection
• Security Code Inspection
• Security Deployment Inspection

Building Codes
Think of "building codes" as the principles, patterns, and checklists for the structure:

• Security Guidelines
• Security Checklists

Approach
The approach is the methodology you use to orchestrate your efforts:

• Security Engineering

Key MSDN References

• patterns & practices Security Engineering
• Security Engineering Explained

Is there more to know?  Of course.  But if you need to dramatically improve your results, these are the key techniques we've used with customers to make immediate impact.