The developers of the security policy recognize the importance of using both technical and non-technical countermeasures, such as personnel and operational facts, in formulating an effective overall security solution to address threats at all layers of the information infrastructure. This paper uses the security engineering principles for determining appropriate technical security countermeasures. It includes information on threats, security services, robustness strategy, and security mechanism. This paper proposes a countermeasure design flow which may reduce the threats to the information systems.