Security Principles

Good cyber security principles are simple but crucial for creating a cyber security solution for your context.

What are principles?

Principles are statements of direction that govern selections and implementations. That is, principles provide a foundation for decision making.

Principles are used within business design and successful IT projects.


  • A principle is a qualitative statement of intent that should be met by the architecture.*

Security architecture principles are used to translate selected alternatives into basic ideas, standards, and guidelines for simplifying and organising the construction, operation, and evolution of systems.

It is important to draw an early differentiation between standards, requirements, and principles.

  • Standards are “musts”; that is, they require compliance.

  • Requirements articulate specific needs that must be met by a specific solution.

  • Principles, on the other hand, are more general and serve as a framework for making choices by providing guidance about the preferred outcome of a decision in a given context.

As such, the purpose of our collected principles is to support decision making with regard to security and privacy design within all organizations.

Principles guide architects, consultants and designers in decision making. Within business design and architecture, you find many people with strong opinions about what a good and usable principle is or is not. Discussion is always good for getting a better understanding of each other's mental maps. However, discussions on what a good security principle is should be targeted at what you can do with principles. How do principles help you and your company? Can principles help you do projects faster and better? Can principles prevent your company architecture and software systems from becoming the next overly complex IT landscape?

Having security and privacy principles is a crucial foundation, as they establish the basis for a set of rules and behaviours for any organization.

