You'll find a lot of articles and threads with Google.
For as much security as possible, you need 1 thing:
A completely airgapped computer. Not connected to any network, no wifi/bluetooth, etc.
How exactly you store your private keys is up to you.
You could use a core wallet.dat file, electrum, a hardware wallet which you only connect to that computer, an encrypted text file with private keys, multisig spread across multiple airgapped computers, etc...
Doesn't matter if the computer is airgapped if the passphrase is weak.