Design and Implementation

The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.

Code reviews and unit testing are approaches to make modules more secure.

Defence in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.

Default secure settings, and design to “fail secure” rather than “fail insecure” (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.

Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.