Secure by design

Secure by design (SbD) is a cyber security and systems engineering concept that requires security to be built into systems from the outset rather than added as an afterthought. Rather than retrofitting protections later through patching or external controls, it integrates security requirements into the architecture itself, at the very beginning of the design process for hardware, software, and services.

Assuming that systems will be attacked, secure by design constrains their architecture so that compromises are difficult to achieve, contained in scope, and recoverable. It emphasises strategies such as defence in depth, minimising the attack surface, the principle of least privilege, and integrating detection and response mechanisms. SbD treats security as a design constraint on par with performance, usability, and cost, in contrast to reactive approaches that rely mainly on vulnerability management after deployment.
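The following is an added illustration, not part of the original article, of what "designing in" these strategies looks like in code compared with bolting a check on afterwards. It builds the same small file-serving component two ways: a reactive version whose unrestricted core trusts its callers, with a single check added to one entry point, and a secure-by-design version in which least privilege (the object can only ever reach the directory it was constructed with), a minimal attack surface (one narrow public method), failing closed, and a detection hook (an audit record of every denial) are properties of the architecture rather than of one caller. The class and function names (`RetrofitFileService`, `SecureByDesignFileService`, `AuditLog`, `demo`) are hypothetical, and the directory layout and file contents are constructed inside a temporary directory so the example runs offline.

```python
"""Added example (not from the article): the same file-serving core built
reactively and then secure by design. Class/function names are hypothetical;
all files and requests below are constructed in a temporary directory."""
from __future__ import annotations

import tempfile
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class AuditLog:
    """Minimal detection hook: every denied request is recorded, never swallowed."""
    events: list[str] = field(default_factory=list)

    def deny(self, reason: str, request: str) -> None:
        self.events.append(f"DENY {reason}: {request!r}")


class RetrofitFileService:
    """Reactive pattern: an unrestricted core with a check bolted onto one entry point.

    Any other code path that reaches the core (here, a helper added later) simply
    inherits the core's trust in its caller and skips the check.
    """

    def __init__(self, root: Path) -> None:
        self.root = root

    def _read_any(self, path: str) -> bytes:
        return Path(path).read_bytes()              # the core trusts whoever calls it

    def read(self, name: str) -> bytes:
        if ".." in name:                            # the afterthought: a string check
            raise PermissionError(name)
        return self._read_any(str(self.root / name))

    def read_for_report(self, name: str) -> bytes:  # added later; nobody re-added the check
        return self._read_any(str(self.root / name))


class SecureByDesignFileService:
    """Secure-by-design pattern: the constraint lives in the architecture.

    - least privilege: the object holds one resolved root and can read nothing else
    - minimal attack surface: a single, narrow public method
    - fail closed: every name is resolved and checked, so future callers inherit it
    - detection: denials are written to the audit log
    """

    def __init__(self, root: Path, audit: AuditLog) -> None:
        self._root = root.resolve()
        self._audit = audit

    def _resolve(self, name: str) -> Path:
        candidate = (self._root / name).resolve()   # collapses '..' and symlinks
        if not candidate.is_relative_to(self._root):
            self._audit.deny("outside root", name)
            raise PermissionError(name)
        return candidate

    def read(self, name: str) -> bytes:
        return self._resolve(name).read_bytes()


def _denied(fn, arg) -> bool:
    """True if the call fails closed with PermissionError."""
    try:
        fn(arg)
    except PermissionError:
        return True
    return False


def demo() -> dict[str, object]:
    """Exercises both services on constructed files and returns what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "public"
        root.mkdir()
        (root / "hello.txt").write_bytes(b"hello")
        secret = base / "secret.txt"                # deliberately outside the root
        secret.write_bytes(b"top secret")

        retrofit = RetrofitFileService(root)
        audit = AuditLog()
        secure = SecureByDesignFileService(root, audit)

        return {
            "retrofit_blocks_dotdot": _denied(retrofit.read, "../secret.txt"),
            # Path('public') / '/abs/secret.txt' yields the absolute path, which the
            # bolted-on '..' check never sees, so the trusting core reads it.
            "retrofit_reads_absolute": retrofit.read(str(secret)),
            "retrofit_helper_skips_check": retrofit.read_for_report("../secret.txt"),
            "secure_reads_public": secure.read("hello.txt"),
            "secure_blocks_dotdot": _denied(secure.read, "../secret.txt"),
            "secure_blocks_absolute": _denied(secure.read, str(secret)),
            "audit_events": list(audit.events),
        }
```

Running `demo()` shows the retrofit service refusing `../secret.txt` on its guarded method while handing the same file back through the unguarded helper and through an absolute path, whereas the secure-by-design service serves only `hello.txt`, refuses both escape attempts regardless of which name they use, and leaves two audit entries behind for a responder to find.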

Secure by design has gained prominence in the twenty-first century as significant cyber events, such as supply chain breaches and ransomware campaigns, have exposed the shortcomings of reactive security. SbD practices are now increasingly required by governments, businesses, and standards organisations across a variety of domains, from consumer Internet of Things (IoT) devices to defence systems. The concept is closely related to paradigms such as safety by design and privacy by design, and to the broader trend towards resilient systems engineering.