Introduction
This section introduces the foundational concept of Security By Design, explaining what it means to build security into a system from its inception rather than bolting it on afterwards. It argues that Security By Design is best understood not as a single practice but as a framework of interdependent topics, each addressing a different facet of secure system creation. It then explores the distinction between explicit knowledge and tacit knowledge in security, and why mastering both is essential for moving beyond checklists to genuine engineering judgement.
Learning Objectives
By the end of this section, you should be able to:
Define Security By Design – Explain the core philosophy of proactive, embedded security and contrast it with reactive, perimeter-focused approaches.
Describe the framework of Security By Design topics – Identify the key interdependent topics (such as threat modeling, risk assessment, security architecture, and security culture) and explain why no single topic is sufficient on its own.
Distinguish between explicit and tacit knowledge in security – Recognise the difference between codified rules (explicit) and experience-based judgement (tacit), and explain why both are necessary to master Security By Design.
