Build security into the system life cycle across all architectural layers
- identify and categorize information based on the degree of injury that could be expected to result from a compromise of its confidentiality, integrity and availability
- implement a continuous security approach, in alignment with the Centre for Cyber Security’s IT Security Risk Management Framework; perform threat modelling to minimize the attack surface by limiting services exposed and information exchanged to the minimum necessary
- apply proportionate security measures that address business and user needs while adequately protecting data at rest and data in transit
- design systems to be resilient and available in order to support service continuity