DESIGN PRINCIPLES
Design principles in information security are fundamental guidelines that help ensure systems are secure and resilient against threats. These principles provide a framework for creating, implementing, and maintaining secure information systems.
- Least Privilege: Users and systems should only have the minimum level of access necessary to perform their functions. This reduces the risk of accidental or malicious misuse of privileges.
- Defense in Depth: Multiple layers of security controls should be implemented to protect information systems. This way, if one layer fails, others still provide protection.
- Fail-Safe Defaults: When a check fails, errors, or cannot be completed, the system should land in the secure state. Access should be denied by default and granted only when explicitly allowed, so that a mistake or omission in the policy results in a refused request rather than an unintended grant.
- Separation of Duties: Critical tasks should be divided among multiple individuals to prevent fraud and error. No single person should have control over all aspects of any critical function.
- Complete Mediation: Every access to a resource must be checked for the appropriate authorization, every time. No access should be assumed to be safe without verification; in particular, a decision remembered from an earlier request must not be reused to skip the check, because the permission may have been revoked in the meantime.
- Open Design: The security of a system should not depend on the secrecy of its design or implementation. Security through obscurity is not a reliable security mechanism.
- Economy of Mechanism: Security mechanisms should be as simple as possible. Complex systems are harder to understand, test, and secure.
- Psychological Acceptability: Security mechanisms should not make the system difficult to use. If security measures are too cumbersome, users may find ways to bypass them, weakening security.
- Least Common Mechanism: Mechanisms used to access resources should not be shared more than necessary. Sharing a mechanism increases the risk that one user’s actions, or a compromise of that user, affect others, since every shared component is a potential channel between them.
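Several of these principles are easiest to see where they meet in one piece of code. The following is an added example written for this page, not code from the original page or from any particular product; the `Policy` and `ResourceGateway` classes, the principal names and the `payments/42` resource are assumptions made for the illustration. It shows an authorization layer that refuses anything without an explicit grant (fail-safe defaults), routes every operation through a single `authorize` call so that a revocation is honoured on the very next request (complete mediation), grants single actions rather than blanket access (least privilege), and requires two distinct principals to approve a payment (separation of duties).

```python
# Added example written for this page, not code from the page's author or any
# product: a minimal authorization layer in which fail-safe defaults, complete
# mediation, least privilege and separation of duties all appear. The principal
# names and the "payments/42" resource are constructed for the illustration.
from dataclasses import dataclass, field


class AccessDenied(PermissionError):
    """Raised whenever a check does not positively succeed."""


@dataclass
class Policy:
    # principal -> resource -> set of permitted actions. A missing entry means
    # "deny": access exists only where explicitly granted (fail-safe defaults),
    # and a grant covers one action, not a whole resource (least privilege).
    grants: dict = field(default_factory=dict)

    def grant(self, principal, resource, action):
        self.grants.setdefault(principal, {}).setdefault(resource, set()).add(action)

    def revoke(self, principal, resource, action):
        self.grants.get(principal, {}).get(resource, set()).discard(action)

    def is_allowed(self, principal, resource, action):
        # Only an exact, present grant yields True; every other path is False.
        return action in self.grants.get(principal, {}).get(resource, set())


class ResourceGateway:
    """Every operation passes through authorize() (complete mediation); no
    earlier decision is cached, so a revocation is honoured on the next call."""

    def __init__(self, policy):
        self.policy = policy
        self.audit = []  # one (principal, resource, action, decision) per check

    def authorize(self, principal, resource, action):
        allowed = self.policy.is_allowed(principal, resource, action)
        self.audit.append((principal, resource, action, "allow" if allowed else "deny"))
        if not allowed:
            raise AccessDenied(f"{principal} may not {action} {resource}")

    def read(self, principal, resource, store):
        self.authorize(principal, resource, "read")
        return store[resource]

    def write(self, principal, resource, store, value):
        self.authorize(principal, resource, "write")
        store[resource] = value

    def approve_payment(self, requester, approver, resource, store):
        # Separation of duties: the submitter cannot also be the approver, and
        # each party must individually hold its own right.
        if requester == approver:
            self.audit.append((approver, resource, "approve", "deny"))
            raise AccessDenied("requester and approver must be different principals")
        self.authorize(requester, resource, "submit")
        self.authorize(approver, resource, "approve")
        store[resource]["state"] = "approved"
        return store[resource]


def _attempt(results, key, fn):
    # Record "allowed" or "denied" for an operation instead of letting it raise.
    try:
        fn()
        results[key] = "allowed"
    except AccessDenied:
        results[key] = "denied"


def demo():
    policy = Policy()
    gw = ResourceGateway(policy)
    store = {"payments/42": {"amount": 100, "state": "submitted"}}
    results = {}
    # Least privilege: alice is granted read only, so her write is refused.
    policy.grant("alice", "payments/42", "read")
    results["alice_read"] = gw.read("alice", "payments/42", store)["amount"]
    _attempt(results, "alice_write", lambda: gw.write("alice", "payments/42", store, {}))
    # Fail-safe default: a principal with no grants at all is denied.
    _attempt(results, "mallory_read", lambda: gw.read("mallory", "payments/42", store))
    # Complete mediation: the revocation is seen on the very next access.
    policy.revoke("alice", "payments/42", "read")
    _attempt(results, "alice_read_after_revoke", lambda: gw.read("alice", "payments/42", store))
    # Separation of duties: bob submits, carol approves; bob cannot self-approve.
    policy.grant("bob", "payments/42", "submit")
    policy.grant("carol", "payments/42", "approve")
    _attempt(results, "self_approve", lambda: gw.approve_payment("bob", "bob", "payments/42", store))
    results["dual_approve"] = gw.approve_payment("bob", "carol", "payments/42", store)["state"]
    results["checks_logged"] = len(gw.audit)
    return results
```

Calling `demo()` returns one decision per scenario. Two points are worth noticing: the unknown principal mallory is refused without any rule that mentions her, because absence of a grant is the deny case; and alice's read right is gone on the very next call after `revoke`, because the gateway never keeps an earlier "allow" around. Every check, allowed or denied, lands in `audit`, which is what makes the mediation point auditable rather than just asserted.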