Security Model
One of the key steps in designing a secure system is building a security model.
A security model describes the assumptions that are made about the system and the conditions under which security can be provided, and it identifies the threats to the system and their capabilities.
A security model should include an analysis of the system’s attack surface (what components can come under attack), realistic threat vectors (where attacks come from), the parties that can attack the system and their capabilities, and what countermeasures will be required to provide security.
It is important to begin discussing the security requirements during the initial stages of the system’s design for the same reasons it is important to consider the other technical requirements.
The security components must service the other objectives of the system; they must do something useful inside the specifications of the system.
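The elements listed above (attack surface, threat vectors, attacking parties with their capabilities, and countermeasures) can be recorded as data and cross-checked against each other. The following Python is an added example, not part of the original page; the class names, finding labels and the sample web service are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Adversary:
    name: str
    capabilities: frozenset      # what this party is assumed able to do

@dataclass(frozen=True)
class Threat:
    name: str
    component: str               # attack-surface component targeted
    vector: str                  # where the attack comes from
    requires: frozenset          # capabilities the attack needs
    countermeasures: tuple = ()

@dataclass
class SecurityModel:
    assumptions: list
    attack_surface: set
    adversaries: list
    threats: list

    def review(self):
        """Cross-check the model; return (finding, subject) pairs."""
        covered = {t.component for t in self.threats}
        findings = [("unanalysed-component", c)
                    for c in sorted(self.attack_surface - covered)]
        for t in self.threats:
            if t.component not in self.attack_surface:
                findings.append(("unknown-component", t.name))
            if not any(t.requires <= a.capabilities for a in self.adversaries):
                findings.append(("no-capable-adversary", t.name))  # no modelled party can mount it
            elif not t.countermeasures:
                findings.append(("unmitigated", t.name))
        return findings

def example_model():
    """Constructed sample: a small web service (hypothetical)."""
    net, internal = frozenset({"network"}), frozenset({"network", "internal-access"})
    return SecurityModel(
        assumptions=["data centre is physically secure"],
        attack_surface={"login endpoint", "session store", "admin console", "backup storage"},
        adversaries=[Adversary("remote user", net), Adversary("insider", internal)],
        threats=[
            Threat("credential guessing", "login endpoint", "internet", net, ("rate limiting", "MFA")),
            Threat("session store read", "session store", "internal network", frozenset({"internal-access"})),
            Threat("console tampering", "admin console", "physical", frozenset({"physical-access"})),
        ])
```

Calling `example_model().review()` flags backup storage as a component nobody analysed, the session store read as a realistic threat with no countermeasure, and console tampering as beyond the capabilities of any modelled party.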
#confidentiality #basics #integrity #auditing #authorisation #security #cryptography #authentication #authenticity #model