If you were tasked with designing a security framework for a new application at Tavant, what steps would you take?