Security Principles

Good cyber security principles are crucial for creating a solid new product.

Definition of security principle

Principles are statements of direction that govern selections and implementations. That is, principles provide a foundation for decision making.

Security by Design principles

When embracing the Security by design approach you must embrace at least the following principles:

• Minimise attack surface area

• Establish secure defaults

• Least privilege

• Defence in depth

• Fail securely

• Don’t trust services

• Avoid security by obscurity

• Separation of duties

• Compartmentalise

• Data is always protected. In transport and in transit.

• Design for secure updates

• Implement least privilege

• Separation of privilege

If you think a principle is not applicable for your situation: Think again. Or better write down your motivation and ask for an expert review on your motivation.

Learn more

Tip

Learn more about security principles Do not reinvent the wheel by defining your own security principles. Make use of already good defined and battle tested security principles. In the Open Security Reference Architecture you can find a set of solid security principles.