
What is Security by Design and why is it important?


Online security is essential for every internet user to ensure protection from the risks and threats that are prevalent in the online environment.

Robust information security underpins the way we do things today: internet banking, online purchasing, using social media, connecting to devices through the Internet of Things (IoT), and so on. However, it is not uncommon to hear of data breaches affecting leading companies that host various services and hold user information. These organisations include leading businesses such as Twitter, DoorDash, and Uber in the global context, and Medibank and Optus in Australia. These data breaches highlight the difficulty of securing information systems once they are built and operational, no matter how resourceful the organisation.

As organisations embrace ever-evolving new technologies in the expectation of gaining business advantage by offering superior online products and services, it is highly likely that they will come across applications and devices that were not built with security in mind. Developers face time, resource, and capacity constraints as they operate in a cloud computing setting to ensure the “rapid delivery” of applications. Software created without attention to security contains flaws and vulnerabilities that cyber criminals could exploit to cause security breaches.

Security by Design focuses on preventing cyber security breaches rather than retrofitting ‘fixes’, repairing issues, and restoring systems after a company has been hit by a breach. Also sometimes known as secure by design or secure by default, Security by Design means that companies think about cyber security during the product and service design phase and build it into the product or service to improve the efficacy of the product/service.

In this context, Security by Design is a concept that addresses the provisioning of secure software, thereby increasing its reliability. The expectation is to build reliable and secure software to operate in a widening threat landscape. If done well, Security by Design can maximise software security and minimise the need for traditional cyber security measures, such as vulnerability assessments and penetration testing.

Security by Design requires rethinking the overall software development process as well as governance models to ensure information security. These are aspects that will be explored in this course.

© RMIT 2023
This article is from the free online course Security by Design.
