Introducing security and security functionality in a large scale communication and information system will increase the complexity of these systems. Complexity in general is seen as an important aspect of possible insecure systems. In this paper we describe the threats that need to be addressed if a specific security solution like the DESEREC (dependability and security by enhanced reconfigurability) framework is deployed in a large scale communication and information system. Also the necessary minimal countermeasures and corresponding security requirements are described. This work reflects our experiences within the DESEREC project, partly funded by the European Union.