Why adopt Secure-by-Design?

Products and services house critical data that, when compromised, can have severe economic, reputational and privacy impacts on individuals and organisations. Vulnerabilities – that could have easily been prevented – are increasingly resulting in everyday Australians being impacted by cybercrime and data breaches. Now more than ever, it is crucial for technology manufacturers and consumers to ensure the security of their products and services by adopting Secure-by-Design.

What is Secure-by-Design?

Secure-by-Design is a proactive, security-focused approach to the design, development and deployment of products and services that necessitates a holistic organisational approach to cyber security. Secure-by-Design requires cyber threats to be considered from the outset to enable mitigations through thoughtful design, architecture and security measures. Its core value is to protect consumer privacy and data through designing, developing and delivering products and services with fewer vulnerabilities, and then ensuring security is maintained throughout their life cycle.

What can manufacturers and consumers expect?

Secure-by-Design emphasises the need for technology manufacturers to assume utmost responsibility for the security of their products and services, ensuring that security is the focal point of their entire life cycle and that they are released with as few vulnerabilities as possible. While consumers should be able to expect and demand products and services that are secure and free from vulnerabilities, they also have unique and important roles under the Secure-by-Design approach. Importantly, consumers must proactively educate themselves, understanding the risks associated with acquiring and operating products and services, and the mitigations needed to lessen their likelihood and impact.

What is Secure-by-Default?

‘Secure-by-Default’ refers to products and services that are secure to use ‘out of the box’, with little to no additional setup or configuration required to achieve an adequate security baseline. Importantly, all built-in security measures, such as multi-factor authentication, auditing and event logging, are included in the base product at no additional cost to the consumer. Users are made acutely aware of the known risks that may be realised if any deviations from default configurations are made, as well as the increase in likelihood or impact of compromise unless additional mitigations are implemented.

Feedback

Encouraging and enabling manufacturers and consumers to uplift their security via a Secure-by-Design approach is a core priority for Australian Signals Directorate (ASD)’s Australian Cyber Security Centre (ACSC). Secure-by-Design is an ongoing work stream empowered through engagement, the release of enabling tools and guidance, and the uplift of better-practice security standards across the Australian digital landscape.

If you would like to share your ideas or provide feedback, please get in touch.

Feature publications

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default

Choosing Secure and Verifiable Technologies – Executive Guidance

This guide supports senior leaders to enable their organisations to understand their threat environment and make better-informed assessments and decisions to procure secure technologies.

Choosing Secure and Verifiable Technologies

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) and international partners have provided recommendations in this guide as a roadmap for choosing secure and verifiable technologies.

Safe software deployment: how software manufacturers can ensure reliability for customers

It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements.

The Case for Memory Safety Roadmaps

This guidance provides manufacturers with steps to create memory safe roadmaps and implement changes to eliminate memory safety vulnerabilities from their products.

Exploring memory safety in critical open source projects

This publication follows the December 2023 release of The Case for Memory Safe Roadmaps, which recommended software manufacturers create memory safe roadmaps, including plans to address memory safety in external dependencies, which commonly include open source software (OSS). This publication provides a starting point for these roadmaps by investigating the scale of memory safety risk in selected OSS.

IoT Secure-by-Design Guidance for Manufacturers

This guidance has been produced for manufacturers to help them implement thirteen Secure-by-Design principles.
