Nice and concise read. Their comments on their antipatterns are good.
https://www.ncsc.gov.uk/blog-post/secure-systems-design--new-guidance-now-available
Cyber security design principles
1. Establish the context before designing a system
2. Making compromise difficult
3. Making disruption difficult
4. Making compromise detection easier
5. Reducing the impact of compromise
Antipatterns
Anti-pattern 1: ‘Browse-up’ for administration
Anti-pattern 2: Management bypass
Anti-pattern 3: Back-to-back firewalls
Anti-pattern 4: Building an ‘on-prem’ solution in the cloud
Anti-pattern 5: Uncontrolled and unobserved third party access
Anti-pattern 6: The un-patchable system