Security design principles
are taken into account when creating any security mechanism for a system. These principles are evaluated to build a secure system that mitigates security vulnerabilities and restricts unauthorized access.
Economy of Mechanism: Keep security designs simple and small to reduce complexity and minimize vulnerabilities.
Fail-safe Defaults: Deny access by default and grant permissions only when explicitly allowed.
Complete Mediation: Every access request must be checked for authorization, preventing bypassing of security controls.
Open Design: Security should not rely on secrecy; systems should remain secure even if their design is publicly known.
Separation of Privilege: Access control should require multiple independent conditions to enhance security (e.g., multi-factor authentication).
Least Privilege: Users and processes should operate with the minimum privileges necessary to perform their tasks.
Least Common Mechanism: Reduce shared components between users to minimize potential attack vectors.
Psychological Acceptability: Security measures should be user-friendly to ensure compliance without frustration.
Isolation: Keep critical system components separate to limit the impact of security breaches.
Encapsulation: Restrict direct access to data and ensure that interactions occur through controlled interfaces.
Modularity: Design systems in independent, interchangeable components to enhance security and maintainability.
Layering: Implement multiple layers of defense to provide redundancy in case one layer fails.
Least Astonishment: System behavior should be predictable and intuitive to avoid user errors that compromise security.
Designing Security
A well-designed security system is essential for protecting data, resources, and users by minimizing vulnerabilities, mitigating risks, and enforcing access controls. The effectiveness of security systems, such as cameras and alarms, depends on factors like equipment, network infrastructure, and coverage, but strong design is key to optimal performance.
Security by design acknowledges that developers make mistakes, so the goal is to minimize errors and detect them early. This can be achieved through nine key steps:
Use Proven Technology: Leverage secure, well-maintained tools and libraries.
Create Awareness: Educate developers on threats and security principles.
Limit Instruction Dependence: Provide security guidelines in context rather than relying solely on developer knowledge.
Ensure Maintainability: Keep code clean and manageable to reduce security risks.
Automate Security Checks: Use tools to detect vulnerabilities efficiently.
Conduct Manual Reviews: Supplement automated tools with expert security assessments.
Integrate Privacy by Design: Incorporate data protection measures.
Continuously Improve: Develop a structured plan for ongoing security enhancements.
Secure Existing Systems: Apply security principles retroactively to legacy code.