The main design practices and principles to consider are:

| Principle | Objective |
|---|---|
| Defense in depth | Introduce multiple layers of security controls to reduce the likelihood of system compromise. |
| Simplicity of design | Reduce design complexity to minimize the number of weaknesses in the system and the vulnerabilities an attacker can exploit. |
| Least privilege | What is not expressly permitted is prohibited. |
| Separation of privileges | Assign each entity a role that grants access only to the subset of tasks and the data it requires. |
| Domain separation | Minimize the likelihood that a malicious actor can easily gain access to memory locations or data objects on the system. |
| Separation of code, executables, configuration and program data | Reduce the likelihood that an attacker who has accessed program data can easily locate and access executable files and program configuration data. |
| Assume an insecure production or execution environment | Avoid vulnerabilities by applying a consistent set of input-validation principles. |
| Security event logging | Generate security events (logs) so that the actions performed by an attacker are observed and recorded. |
| Fail safely | Reduce the likelihood that a software failure bypasses the application's security mechanisms and leaves it in an insecure failure mode that is vulnerable to attack. |
| Rugged software design | Minimize the time during which a faulty or failed software component remains unable to protect itself from attack. |
| Security through obscurity: an error | Recognize that security through obscurity is a defense mechanism that can itself hand an attacker the information needed to compromise the security of an application. |
| Secure by default | Reduce the attack surface of an application or system. |
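The "least privilege" and "fail safely" rows are easiest to see side by side in an authorization check. The following is an added example, not code from the original page: the roles, resources and the `POLICY` allow-list are constructed for illustration, and `PolicyUnavailable` is a hypothetical error standing in for any failure to reach the policy store. It contrasts a check that fails open (an outage of the policy store grants access) with one that denies by default and fails closed, logging the failure so that it is observable (the "security event logging" row).

```python
import logging
from typing import Dict, FrozenSet, Optional, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Constructed allow-list: role -> permitted (resource, action) pairs.
# Anything absent from this table is denied: what is not expressly
# permitted is prohibited (least privilege).
POLICY: Dict[str, FrozenSet[Permission]] = {
    "auditor": frozenset({("report", "read")}),
    "editor": frozenset({("report", "read"), ("report", "write")}),
}

log = logging.getLogger("authz")


class PolicyUnavailable(Exception):
    """Hypothetical error: the policy store could not be consulted."""


def load_policy(role: str, store: Optional[Dict[str, FrozenSet[Permission]]]) -> FrozenSet[Permission]:
    """Return the permissions for a role; a missing store simulates an outage.

    An unknown role gets an empty set, so it is denied everything rather
    than falling through to some implicit default.
    """
    if store is None:
        raise PolicyUnavailable("policy store unreachable")
    return store.get(role, frozenset())


def is_allowed_fail_open(role: str, resource: str, action: str,
                         store: Optional[Dict[str, FrozenSet[Permission]]] = POLICY) -> bool:
    """Anti-pattern: an error while evaluating policy is treated as 'no restriction'.

    A software failure (here, the policy store being unreachable) bypasses
    the security mechanism entirely, which is exactly what 'fail safely'
    warns against.
    """
    try:
        return (resource, action) in load_policy(role, store)
    except PolicyUnavailable:
        return True


def is_allowed(role: str, resource: str, action: str,
               store: Optional[Dict[str, FrozenSet[Permission]]] = POLICY) -> bool:
    """Default-deny check that fails closed.

    The decision is True only when the (resource, action) pair is expressly
    listed for the role. Any error evaluating the policy results in denial,
    and the failure is logged as a security event so it can be investigated.
    """
    try:
        permitted = (resource, action) in load_policy(role, store)
    except PolicyUnavailable as exc:
        log.warning("authz policy unavailable; denying %s %s on %s: %s", role, action, resource, exc)
        return False
    if not permitted:
        log.info("authz denied: role=%s action=%s resource=%s", role, action, resource)
    return permitted


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print("auditor read report  :", is_allowed("auditor", "report", "read"))      # True
    print("auditor write report :", is_allowed("auditor", "report", "write"))     # False
    print("unknown role         :", is_allowed("guest", "report", "read"))        # False
    print("outage, fail-open    :", is_allowed_fail_open("auditor", "report", "read", store=None))  # True
    print("outage, fail-closed  :", is_allowed("auditor", "report", "read", store=None))            # False
```

The only difference between the two checks is what happens in the `except` branch, yet under a policy-store outage the fail-open version grants every request while the fail-closed version grants none; the deny path also emits a log line, so the outage shows up in monitoring instead of silently widening access.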