What is Secure by Design?

Secure by Design is an approach that embeds security from the outset of any digital transformation programme. At Logiq, we integrate cyber security principles across architecture, system delivery, assurance, and training to help organisations build and operate secure, resilient systems.

Who is Secure by Design for?

Our Secure by Design service is tailored for government departments, defence contractors, and organisations operating within the UK’s critical national infrastructure. It supports any environment where security, assurance, and compliance are essential from day one.

What does the service include?

Secure by Design includes organisational transformation, secure system delivery and assurance, and training to build in-house capability. Each element can be delivered independently or as part of a broader transformation or assurance programme.

How does Secure by Design support compliance?

The service aligns with key standards and frameworks including NCSC guidance, ISO 27001, Cyber Essentials Plus, and MOD assurance requirements such as DEFSTAN 05-138. We help organisations demonstrate cyber maturity and meet governance expectations.

Can you deliver Secure by Design alongside other services?

Yes. Secure by Design integrates seamlessly with our broader cyber security, technical programme support, and solution delivery services. We often deliver it as part of larger programmes where security must be embedded throughout the lifecycle.

Secure by Design vs. Security Control Sets

Logiq

·

Feb 20, 2025

·

Secure by Design

A Comparison through Simon Sinek’s ‘Start with Why’ Philosophy

In cyber security, the concept of Secure by Design is often seen to clash with the traditional security approach of applying security control sets, such as NIST SP 800-53.

Here we compare these two approaches using Simon Sinek’s influential idea of “Start with Why.”

Sinek’s philosophy emphasises the importance of understanding the purpose behind actions, which can be a useful way to compare developing cyber security strategies against deploying cyber security tactics.

Security Control Sets: The ‘What’

Security control sets like NIST SP 800-53 are comprehensive frameworks that outline specific actions organisations should take to protect their information systems. These control sets are detailed and prescriptive. For example, NIST SP 800-53 includes controls for access control, incident response, and system and communications protection, among others. These controls are essential for establishing a baseline of security practices and ensuring compliance with regulatory requirements.

However, while these control sets are invaluable for defining the “what” of cyber security, they often lack context regarding the underlying reasons for these actions. This can lead to a checkbox mentality, where organisations implement controls without fully understanding their significance or how they contribute to the overall security posture.

Secure by Design: The ‘Why’ and ‘How’

In contrast, the Secure by Design approach aligns more closely with Sinek’s “Start with Why” philosophy. Secure by Design emphasises the importance of understanding the purpose behind security measures and integrating security principles from the outset of system development. This approach encourages organisations to ask why a particular security measure is necessary and how it can be effectively implemented.

By focusing on the “why” and “how,” Secure by Design fosters a deeper understanding of security principles and promotes a culture of proactive security. For instance, instead of merely implementing access controls because they are mandated by a control set, Secure by Design would encourage organisations to understand the risks associated with unauthorised access and design systems that inherently mitigate these risks.

Bridging the Gap

While security control sets provide essential guidelines for what needs to be done, Secure by Design offers a complementary perspective by addressing the underlying reasons and methods for implementing these controls. By combining the prescriptive nature of control sets with the purpose-driven approach of Secure by Design, organisations can achieve a more holistic and effective cyber security strategy.

Integrating the “what” from security control sets with the “why” and “how” from Secure by Design can lead to more meaningful and sustainable security practices. This alignment not only enhances compliance but also fosters a security-conscious culture that is better equipped to adapt to evolving threats and challenges. Just as Sinek’s “Start with Why” inspires individuals and organisations to act with purpose, Secure by Design encourages a thoughtful and intentional approach to cyber security.

About Logiq:

Logiq is a NCSC-assured cyber security consultancy and secure managed services provider focused on safeguarding critical organisational data. Our clients are amongst the most demanding in the world and have some of the most stringent and complex security needs. We help to design and develop innovative solutions that enable them to focus on delivering their business securely.