We are continuously working on updates to this publication. Join the team and contribute too! The latest version of this publication is always online at https://security-and-privacy-reference-architecture.readthedocs.io
Freedom is, was and will always remain important. This applies to our physical world as well as our digital world. To maintain our freedom we need protection and good IT security. Good security gives you freedom the way you want it and enables you to exchange information without censorship or monitoring. Your secret information and your communication belong to you. So take measures to make them yours again.
Privacy needs solid security to start with, but if you value your own freedom, you should respect your customers' freedom too. So make sure your users can trust you. Respect their privacy by applying tangible privacy measures and privacy by design principles when creating new solutions.
Good security and privacy do not have to be endlessly expensive. It all starts with good architecture and a solid design. This reference architecture gives you a head start for creating your specific security and privacy designs. You can use the proposed security and privacy principles and the sample requirements as a starting point. You can also use, or start with, the security models we present in this reference architecture. A list of example security system building blocks is presented as well. Since open source solutions can be valuable to lower security risks and reduce cost in your organization, all solutions presented in this reference architecture are open source. This book also presents a list of criteria to evaluate the quality of OSS security and privacy solutions.
Good privacy and security are difficult and complex. Making use of the information presented in this book means you do not have to reinvent the wheel, so to speak. Good security and privacy design for information systems is important. So do not lose your valuable time on trivial aspects. You need your time to solve the security and privacy challenges for your unique situation!
Good protection for our privacy is getting more and more difficult and expensive. In our opinion freedom requires very strong privacy protection assurances. We do not live in a world where cyber security is always at a normal (low) risk level. You need more protection measures by default to protect your core information assets like personal and business information and your valuable privacy data records. We still have a long way to go. But using solutions provided in this reference architecture lowers your security and privacy risks.
For privacy and security we need strong governance institutions that set rules to preserve our (online) freedom.
If you want to help preserve freedom and want a more secure world, consider supporting, for example, the Electronic Frontier Foundation (https://www.eff.org), a non-profit organization defending civil liberties in the digital world. Or support a similar local non-profit organization in your country.