11. Describe the term security by design (AC 3.1)

Security by design is a methodology of creating systems, applications or processes with security in mind from the very beginning, and not as an afterthought. This should significantly reduce the risk of vulnerabilities and attacks.

According to security.gov.uk there are 10 principles to follow:

1. Create responsibility for cyber security risk: Assign risk owners to be accountable for risks. These must be senior stakeholders with experience, knowledge and authority to lead on security activities.
2. Source secure technology products: If using third-party products, ensure there are no security vulnerabilities.
3. Adopt a risk-driven approach: Establish how risky the project is and continue doing so throughout its lifetime, as cyber is ever evolving.
4. Design usable security controls: Perform regular user research and implement the findings in the service design to make sure security processes are fit for purpose and easy to understand.
5. Build in detect and respond security: Design your project in a way where you expect vulnerabilities and incidents and are equipped to log those appropriately.
6. Design flexible architectures: Make sure your project can be updated and upgraded as time goes on.
7. Minimise the attack surface: Use the absolute minimum of capabilities, software, data and hardware components necessary. If an attack happens, this will mitigate the impact.
8. Defend in depth: Create layered controls across a service. This way, the attackers will not fully compromise the system.
9. Embed continuous assurance: Make sure security is constantly checked and tested to ensure it works well.
10. Make changes securely: Build security into every step: planning, creating and launching.
