This course will provide attendees with a solid foundation in the design of secure systems and products. We will define what cyber security means in a product development context and how it contributes to safe and reliable operation. To this end, we will need to clarify how security engineering differs from traditional safety and reliability engineering and how it is embedded into the overall systems engineering context. Although the entire product life cycle will be covered, emphasis will be put on the design and development phases, as these are the most important ones from the cyber security perspective. We will look into how to define a product security context and how to derive basic security architecture principles from it. We will then proceed with developing security risk assessment techniques and apply them to the system under design, i.e. we will elaborate on how risk assessment outcomes will result in security requirements that will need to be implemented in the system. Finally, we will discuss how security properties of a system can be validated and verified, both during the development and after entry into service. The course will focus on dependable systems in order to emphasize the intimate relation between safety and security.