A system and method of designing a secure solution which meets the needs of a customer but which is appropriate and repeatable and may use components which are insecure or not trusted. In its preferred embodiment, the security system includes subsystems selected from access control, information flow, identity and credentials management, integrity and assurance In each subsystem, elements are employed to reduce the effect of perils and to provide a repeatable system design.