The document discusses principles of information security and service design. It advocates designing security into systems from the start rather than adding it as an afterthought. Following human and organizational needs and understanding risk appetite are important. Security should be user-friendly, fail safely with separation of duties, and avoid relying solely on obscurity. As technology shrinks, security challenges will also need to adapt rapidly.