Security by Design

Statement: Security by design refers to one of the prime principles found in any standard and in any practice throughout the whole of IT.

Rationale: 

Security by design encompasses the protection of valuable assets by securing them within the boundaries of organizations, taking into account the ownership of the assets. This means that in any circumstance one has to attend to the valuable property, namely 'data' and 'technology' as a whole, both by securing access to (data) assets and by securing the proliferation of (data) assets outside the boundaries, for which one is responsible.

Security by design (or secure by design), sometimes abbreviated “SbD,” is a new industry term for a range of security practices built on one fundamental idea — that security should be built into a product by design, instead of being added on later by third-party products and services.

Implications: 

Security by design implies a control and security approach to the whole process of creating a Digital Public Service, from design to implementation. This approach has holistic implications for the whole process and all of its layers (legal level, organisational level and technical level).

Principle Source: Security and Privacy Underlying Principle (8) of European Interoperability Framework (EIF)

Principle Source URL: https://joinup.ec.europa.eu/collection/nifo-national-interoperability-f…

Scope: Business Agnostic

Category: Digital Public Service Operation

Interoperability Layer: Legal IoP, Organisational IoP, Technical IoP

PURI: 

http://data.europa.eu/2sa/elap/security-design