
# 3.4.1.1 Choose the right level of security

Choose a level of security proportionate to what you need to control and monitor in your technology programme. Security should protect your information technology and digital services while still letting users access the data they need for their work. GovStack offers specific [guidance for designing a secure system](https://govstack.gitbook.io/specification/security-requirements).

## Steps

1. Evaluate the sensitivity of the data you're handling.
2. Based on the evaluation, choose appropriate encryption methods and robust user authentication systems. Use the [OWASP Cheat Sheet Series](https://owasp.org/www-project-cheat-sheets/) as a guide:
   * **Authentication Cheat Sheet:** This provides guidance on implementing secure authentication systems, which is a fundamental aspect of security.
   * **Session Management Cheat Sheet:** This covers the best practices for handling user sessions securely.
   * **Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet:** CSRF is a common web application vulnerability that your users should be aware of.
   * **Cross-Site Scripting (XSS) Prevention Cheat Sheet:** XSS is another common vulnerability, and this cheat sheet provides guidance on how to prevent it.
   * **Transport Layer Protection Cheat Sheet:** This covers how to use SSL/TLS, which is vital for encrypting data in transit.
   * **Input Validation Cheat Sheet:** Input validation is an essential measure for preventing many types of attacks.
   * **SQL Injection Prevention Cheat Sheet:** SQL Injection is a common and dangerous vulnerability, and this cheat sheet provides guidance on how to prevent it.
   * **HTML5 Security Cheat Sheet:** If your users are using HTML5, this cheat sheet covers many of the new security considerations that come with it.
3. Implement the security measures in your system.
4. Test and adjust the security measures to ensure they provide the needed protection without overly impeding usability.
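The following is an added example illustrating steps 1 and 2 above; it is not GovStack code. It evaluates the sensitivity of the data a service handles, picks a security profile from that evaluation, and implements three of the controls the cheat sheets cover (password hashing for authentication, expiring session identifiers, and a session-bound CSRF token). The tier names, the profile values, the `scrypt` work factors and the per-process `CSRF_KEY` are assumptions; a real programme would take them from its own data classification and key management.

```python
"""Proportionate security controls chosen from a data-sensitivity evaluation.

Added example for this page, not GovStack code. Tier names, profile values
and the server key are assumptions.
"""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass

# Step 1: how sensitive each kind of data the service handles is (assumed tiers).
TIERS = {"public": 0, "internal": 1, "sensitive": 2}


@dataclass(frozen=True)
class SecurityProfile:
    """Controls applied at one sensitivity tier (values are assumptions)."""
    require_mfa: bool
    session_ttl_seconds: int
    scrypt_n: int  # password-hashing work factor passed to hashlib.scrypt


PROFILES = {
    0: SecurityProfile(require_mfa=False, session_ttl_seconds=8 * 3600, scrypt_n=2**14),
    1: SecurityProfile(require_mfa=False, session_ttl_seconds=2 * 3600, scrypt_n=2**14),
    2: SecurityProfile(require_mfa=True, session_ttl_seconds=15 * 60, scrypt_n=2**15),
}


def choose_profile(data_classes):
    """Step 2: the most sensitive class handled decides the profile for the whole service."""
    tier = max(TIERS[c] for c in data_classes)
    return PROFILES[tier]


# Authentication: salted scrypt hashes, never plaintext or unsalted digests.
def hash_password(password: str, profile: SecurityProfile) -> str:
    salt = os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=profile.scrypt_n,
                        r=8, p=1, dklen=32, maxmem=2**27)
    return f"scrypt${profile.scrypt_n}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _, n, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=8, p=1, dklen=32, maxmem=2**27)
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


# Session management: unguessable ids with an expiry taken from the profile.
def new_session(profile: SecurityProfile, now=None):
    now = time.time() if now is None else now
    return {"id": secrets.token_urlsafe(32),
            "expires": now + profile.session_ttl_seconds}


def session_valid(session, now=None):
    now = time.time() if now is None else now
    return now < session["expires"]


# CSRF: a token bound to the session id with a server-side key, so a token
# taken from one session does not validate for another.
CSRF_KEY = secrets.token_bytes(32)  # assumption: per-process key; use a managed secret in practice


def csrf_token(session_id: str) -> str:
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_valid(session_id: str, token: str) -> bool:
    return hmac.compare_digest(csrf_token(session_id), token)


if __name__ == "__main__":
    profile = choose_profile(["public", "sensitive"])
    stored = hash_password("correct horse battery staple", profile)
    print("MFA required:", profile.require_mfa)
    print("password verifies:", verify_password("correct horse battery staple", stored))
    session = new_session(profile)
    print("CSRF token valid:", csrf_valid(session["id"], csrf_token(session["id"])))
```

The point of `choose_profile` is that one sensitive data class raises the controls for the whole service; the profile then drives concrete parameters (work factor, session lifetime, MFA) rather than leaving them to individual developers, which is what step 4 later tests and tunes.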
