Design your digital services to be difficult to compromise and disrupt. Limit the impact of a compromise and make it easy to detect a successful attack.
Good design should:
- Make services hard to compromise
  Designing with security in mind means using concepts and techniques which make it harder for attackers to compromise the service using commodity techniques.
- Reduce the impact of a compromise
  Design the service with the expectation that it will include some vulnerabilities and that the exploitation of a single one should not result in a significant compromise.
- Make compromises easy to detect
  Even if you take all available precautions, there’s still a chance your system will be compromised by a new or unknown attack. If this happens, you want the best chance of detecting the compromise.
- Make services hard to disrupt
  Service availability is often a paramount concern, and good design can help deal with attacks intended to affect it.
We have published a set of security design principles which can be used by technical architects and developers to guide the design process.