The term “Security by Design” refers to an approach where security considerations are embedded into system design and implemented before the system becomes operational. Thus, appropriate security policies, tools, and methods are embedded into the system during its implementation instead of doing so after the system is operational. Security by Design requires careful analysis of system requirements—both functional and non-functional – assuming that the system will operate in a malicious environment.