
Revisiting the big question


The big question posed at the beginning of this course and that has been explored over the past four weeks is:

How do you apply Security by Design principles to effectively design, develop and deploy online products and services with security at their core?

You should now have a solid understanding of the important role that Security by Design plays in assisting technology companies and developers to firmly embed user security into product and service design, development and release processes, and the main principles and practices that can be applied to achieve such security.

The course content has captured the broad application of Security by Design – as a range of concrete principles and practices – across the digital ecosystem. These Security by Design principles encompass, but are not restricted to:

  • The Confidentiality, Integrity and Availability triad upon which the foundations of information security are built.
  • The UK National Cyber Security Centre’s cyber security design principles that advocate a security approach that goes beyond individual applications and that ensures networks, systems, technologies, and products are all designed and built securely from the outset.
  • The OWASP secure cyber design principles that emphasise minimising the attack surface and building defence in depth.
  • The academic research-based human-centric U3 concept that focuses on Users, Usage and Usability as a means of strengthening the security of online products and services.
  • The ASD/ACSC Secure-by-Design Foundations which identify key focus areas to uplift security and that are designed to assist technology manufacturers and developers to adopt Secure by Design practices.

Build security into product and service design

The Security by Design concept emphasises the need to build security into a system rather than depending on a multitude of disparate suites of security solutions to provide the required levels of security to applications, systems, and networks that support information assets and hold organisational data. In other words, rather than retrofitting security after an issue has occurred, Security by Design principles and practices focus on the ways technology companies can take a proactive and preventative approach to minimise online threats by anticipating, detecting, and eliminating online security issues during the design and development phase.

The topics in this course have focused on building an understanding of the Security by Design concept, the Security by Design principles championed by various organisations, and how these principles and practices are applied to secure online products and services, such as the Internet of Things. You have also considered the increasing significance of online security to businesses, their customers, and the general populace.

One of the main learnings from this course is that, to achieve the best results and to protect organisations and users, security needs to be built into online products and services during their development rather than retrofitted after a security breach has occurred.

© RMIT 2023
This article is from the free online course Security by Design.
