Universiteit Leiden

nl en


Shielding software systems: A comparison of security by design and privacy by design based on a systematic literature review

In this article, Cristina Del-Real, Els de Busser and Bibi van den Berg systematically search and review relevant definitions of Security by Design (SbD) in comparison with Privacy by Design (PbD).

Cristina Del-Real, Els de Busser and Bibi van den Berg
06 January 2024
Read the full article here

This study systematically searches and reviews relevant definitions of Security by Design (SbD) in comparison with Privacy by Design (PbD). The design of software systems plays a crucial role in mitigating cybersecurity incidents. SbD aims to ensure foundational security throughout the design process. However, it lacks a precise interdisciplinary definition. Comparing it with PbD, which has seen more conceptual development, highlights the need for a comprehensive understanding of SbD.

Definitions varied in descriptions of SbD and PbD, the objects of protection, outcomes to avoid, means of implementation, and lifecycle focus. PbD definitions adopted a rights-based approach, anchored in Ann Cavoukian's principles and an interdisciplinary perspective. The goal was to scrutinise the concept of SbD. In accordance with the PRISMA-ScR guidelines, the authors identified 46 distinct records, from which we extracted a total of 86 definitions. Upon conducting a preliminary analysis of the definitions, the research team identified 12 recurring themes. 

SbD and PbD definitions lack clarity and uniformity. PbD is better defined, while SbD lacks anchorage and has varied approaches. Both should protect individuals and organisations, address cyber-attacks, and be implemented early in the development process. PbD is more comprehensive, involving technology and organisation, while SbD focuses mainly on the technical product. PbD is associated with recognised rights, but the connection between SbD and human rights is unclear.

This website uses cookies.  More information.