Content written for

Small & medium business
Large organisations & infrastructure
Government

Digital products and services increasingly house critical data that, if compromised, can have negative economic, reputational and privacy impacts on individuals and organisations. Australians are increasingly experiencing the lived impacts of cybercrime and data breaches arising from vulnerabilities in digital products and services. Now more than ever, it is crucial for technology manufacturers to ensure the security of their digital products and services through a security-first approach. While consumers should continue to take care when using or purchasing any digital products and services, the burden of security should not fall only on consumers. Consumers should be able to expect products that are secure and free from vulnerabilities. However, care should still be taken.

ASD’s ACSC is promoting Secure-by-Design through the development and launch of information and artefacts. This is an ongoing workstream. We continue to seek further engagement from all interested parties on artefacts that can be developed to help promote, enhance and secure digital products and services through a Secure-by-Design approach. If you would like to share your ideas or provide feedback, please get in touch.

What is Secure-by-Design?

Secure-by-Design is a proactive, security-focused approach to the development of digital products and services that necessitates a strategic alignment of an organisation’s cyber security goals. Secure-by-Design requires cyber threats to be considered from the outset to enable mitigations through thoughtful design, architecture and security measures. Its core value is to protect consumer privacy and data through designing, building, and delivering products with fewer vulnerabilities.

What is Secure-by-Default?

Secure-by-Default is the process of ensuring products are secure to use ‘out of the box’, with little to no additional setup or configuration required. All built-in security measures are included at no additional cost to the consumer, such as multi-factor authentication (MFA), and audit and security logging. Consumers and users are made acutely aware of the known risks that may be realised if any deviations from the default configuration are made, and of the increase in likelihood or impact of compromise unless additional mitigations are implemented.

Secure-by-Design Foundations

The Secure-by-Design Foundations (the Foundations) are a first step in ASD’s ACSC’s approach to assist technology manufacturers and consumers across industry and government to adopt Secure-by-Design. The Foundations are designed to foster discussion within technology manufacturers on how to best approach Secure-by-Design, and also contain relevant information and actions for technology customers.
