
NCSC cyber security design principles

This step introduces the five principles for the design of cyber secure systems
© RMIT 2023

The UK’s National Cyber Security Centre (NCSC) advocates Security by Design that goes beyond individual applications and that ensures networks, systems, technologies, and products are all designed and built securely from the outset.

The NCSC considers that if Security by Design principles are appropriately applied, once networks, systems, technologies, and products are deployed, the users are sufficiently protected and need not worry too much about security. This is valid regardless of whether they use the technologies to gather, store, process, or communicate information, as the information is protected wherever it exists.

Today, with sophisticated technology and processing power, it has become possible to have both ease of use and security. The trade-offs that were previously necessary because processing power was insufficient for the required levels of technology are no longer an issue. For example, a choice previously had to be made between full and limited encryption if application performance slowed during full encryption and subsequent decryption.

The NCSC security design principles

The NCSC emphasises five principles for the design of cyber secure systems:

1. Establish the context before designing a system
   Before creating a secure system design, you need a good understanding of the fundamentals of the system and to take action to address any identified shortcomings.
2. Make compromise difficult
   Apply concepts and use techniques that make it harder for attackers to compromise your data or systems.
3. Make disruption difficult
   When high-value or critical services rely on technology for delivery, it becomes essential that the technology is always available. In these cases, the acceptable percentage of downtime can be effectively zero.
4. Make compromise detection easier
   To give yourself the best chance of spotting potential cyber attacks, you should be well-positioned to detect compromise.
5. Reduce the impact of compromise
   Design to naturally minimise the severity of any compromise.
This article is from the free online

Security by Design
