Security by Design
2.4 Cornerstones
One single vulnerability is all an attacker needs
What is security by design?
Definition
The approach to the development of systems, products, or services that integrates security and privacy considerations from the start, rather than addressing them as an afterthought
Purpose
To proactively build security and privacy into the fabric of products, systems, or services, aligning with ethical and legal norms
All organisations are required by law to protect the information of their stakeholders and to ensure the physical safety of their employees and relevant stakeholders. The laws differ from location to location, but there are always laws and regulations that need to be adhered to. There are also company secrets that should be kept within the company to protect its assets.
Risks and threats, especially cyber threats, are increasing, and the consequences of breaches can be devastating to organisations.
The CUBE® framework includes the following practices within the domain of security:
- Physical Security
- Privacy
- Protective Security
- Cyber Security
The above can also be summarised as Information Security, whose purpose is to protect the organisation's assets and the relevant stakeholders' assets from theft, damage and unauthorised access or use.
Physical Security is about protecting physical assets, people, information, etc. by setting up physical barriers, surveillance systems, etc.
Privacy is about ensuring personal integrity and protecting personal data.
Protective Security is about safeguarding individuals, assets, information, etc. by preventing, deterring and responding to security incidents.
Cyber Security is about protecting digital assets such as computer systems, networks, data, etc. by ensuring confidentiality, integrity and availability of digital information.
Security by design refers to the idea that all these measures shall be part of the design of a solution such as a system, a product or service, or other effort, not as necessary work but as an opportunity.
By always designing solutions with the above practices in mind, the final execution will be much more valuable for the stakeholders and provide an opportunity to stay ahead.
Next Step
Read more about the next Cornerstone, Risk management…