
Understanding the cyber security ecosystem

In this Step we discuss the language of Security by Design

“Secure by Design” and “Secure by Default” are other terms closely associated with and used in the literature alongside Security by Design. According to NCSC (National Cyber Security Centre, UK), Secure by Design or Secure by Default covers the long-term technical effort to ensure proper security primitives are built into software and hardware.

It also covers the equally demanding task of ensuring that those primitives are available and usable so that the market can readily adopt them.

This means that through Secure by Design, software developers design online products and services to be secure from the outset to reduce the likelihood of flaws that might compromise information security (Reciprocity, 2020).

Notwithstanding the differences in the wording of the definitions, the primary aim of Security by Design is to prevent a cyber security breach from occurring in the first instance rather than to repair the issue and restore systems after a security breach.

To ensure a holistic approach to security in developing online products and services (aka web-based software applications), it is important to incorporate Security by Design side-by-side with Privacy by Design and Safety by Design.

Safety by Design and Privacy by Design

“Safety by Design” refers to how technology companies can apply safeguards to minimise online threats to users of such technologies by anticipating, detecting, and eliminating online harms before they occur. Safety by Design is a proactive and preventative approach with user safety and rights at the centre of the design and development of online products and services. Safety by Design was developed by the Australian eSafety Commissioner.

The Office of the Australian Information Commissioner defines “Privacy by Design” as embedding good privacy practices into the design specifications of technologies, business practices and physical infrastructures. This means building privacy into the design specifications and architecture of new systems and processes.

Protecting and safeguarding information security is a global concern. It requires a proactive and comprehensive approach that covers broader security and related perspectives to deal with the complex individual, societal and technological factors of the online environment. In this context, Security by Design, Safety by Design and Privacy by Design can be considered the three pillars on which protections and safeguards are built, so that stakeholders using these systems will trust that their information is being carefully safeguarded within and beyond corporate perimeters.

Security Resources


The Australian Cyber Security Centre glossary provides access to a wide range of cyber security terms. You may find it useful to refer to this comprehensive glossary throughout the course to seek further information on terms: Australian Cyber Security Centre glossary

© RMIT 2023
This article is from the free online

Security by Design

Created by
FutureLearn - Learning For Life
