IoT industry is growing at a rapid pace since everyone wants to connect everything to internet in order to use various services and applications using shared data. Openness is observed as an emerging trend in IoT industry. Security & privacy of the data are very important aspects in the design and deployment of the connected devices or Internet of Things. Fast growth in number of connected devices, heterogeneity, constrained resources, privacy, software upgrades and operational environment create important security related challenges in this domain. It is difficult to address challenges even with the considerable amount of existing work that has been done for decades in the area of security & privacy. In this research, a semi-systematic literature survey of the state of the art is conducted related to security & privacy aspects within the IoT area. The results were validated by conducting qualitative survey with IoT practitioners. The efforts have resulted towards identifying several security trends & challenges and security design aspects that can be considered by IoT practitioners in order to design an open and secure IoT system. It can be concluded from the study that security is not only needed but is a mandatory characteristic for IoT. However, there are no general guidelines that can be proposed to address security issues since security is not only a technical problem but is more of an awareness, mindset, people and process issue. In this thesis, a novel model is proposed with openness and security characteristics. This model is grounded based on the theoretical findings and empirical data obtained from IoT practitioners. Each of the characteristics has its own design aspects that needs to be considered by IoT practitioners to design a more secure IoT system.