Browse Definitions :
Definition

security by design

Ivy Wigmore
By

Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.

An emphasis on building security into products counters the all-too-common tendency for security to be an afterthought in development. Addressing existing vulnerabilities and patching security holes as they are found can be a hit-and-miss process and will never be as effective as designing systems to be as secure as possible from the start. 

Security by design is rapidly becoming crucial in the rapidly developing Internet of Things (IoT) environment, in which almost any conceivable device, object or entity can be given a unique identifier (UID) and networked to make them addressable over the Internet. One of the major challenges of IoT security is the fact that security has not traditionally been considered in product design for networking appliances and objects that have not traditionally been networked. 

The security by design model contrasts with less rigorous approaches including security through obscurity, security through minority and security through obsolescence. 

This was last updated in July 2015

Continue Reading About security by design

Networking
  • Telnet

    Telnet is a network protocol used to virtually access a computer and provide a two-way, collaborative and text-based ...

  • big-endian and little-endian

    The term endianness describes the order in which computer memory stores a sequence of bytes.

  • Address Resolution Protocol (ARP)

    Address Resolution Protocol (ARP) is a protocol that maps dynamic IP addresses to permanent physical machine addresses in a local...

Security
  • Mitre ATT&CK framework

    The Mitre ATT&CK (pronounced miter attack) framework is a free, globally accessible knowledge base that describes the latest ...

  • timing attack

    A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about...

  • privileged identity management (PIM)

    Privileged identity management (PIM) is the monitoring and protection of superuser accounts that hold expanded access to an ...

CIO
HRSoftware
  • employee resource group (ERG)

    An employee resource group is a workplace club or more formally realized affinity group organized around a shared interest or ...

  • employee training and development

    Employee training and development is a set of activities and programs designed to enhance the knowledge, skills and abilities of ...

  • employee sentiment analysis

    Employee sentiment analysis is the use of natural language processing and other AI techniques to automatically analyze employee ...

Customer Experience
  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

  • customer insight (consumer insight)

    Customer insight, also known as consumer insight, is the understanding and interpretation of customer data, behaviors and ...

  • buyer persona

    A buyer persona is a composite representation of a specific type of customer in a market segment.

Close