A lot of the security is related to processes. We try to design a system that's secure, to prevent people from processing, entering or modifying data.
Don't rely only on designing a system and hoping it's going to work. Test it, and test it with real problems.