Cyber Security Principle

Principles of Cyber Security

The following are some of the essential cyber security principles:

• Economy of mechanism
• Fail-safe defaults
• Least Privilege
• Open Design
• Complete mediation
• Separation of Privilege
• Least Common Mechanism
• Psychological acceptability
• Work Factor
• Compromise Recording

Economy of Mechanism

Security systems should be as basic and modest as feasible. The notion of a mechanism economy makes security mechanism design and deployment easier. There are fewer errors if the design and execution are basic and tiny. Since the verification and testing procedure is simplified, fewer components must be checked.

The suspect area is the interfaces between security components, which should be as basic as feasible. Interface modules frequently make implicit assumptions about input or output parameters and the system's present state. If any of these assumptions are incorrect, the module's activities may have unintended consequences.

Developers and consumers can easily comprehend the security structure, which allows for rapid development and verification of enforcement mechanisms.

Fail-safe Defaults

According to the concept of the fail-safe default, a system's default configuration should use a conservative protection approach. When a topic or object is formed, this concept also limits how privileges are initialised. It should not be provided access to an object if access, privileges/rights, or other security-related characteristics are not expressly granted.

For example, when a new user is added to an operating system, the person's default group should have lower access permissions to files and services.

Least Privilege

According to this theory, a user should only have the privileges necessary to fulfil his work. Its primary job is to manage the rights provided to users rather than the user's identity. This implies that if your supervisor requests root access to a UNIX system you work with, you should not grant it unless they have a task that necessitates it. If feasible, a user identity's higher permissions should be deleted as soon as they are no longer required.

Open Design

According to this notion, the security of a mechanism should not depend on the secrecy of its design or implementation. It implies that complexity does not contribute to safety. This notion is the polar opposite of the "security via obscurity" strategy. This approach applies to information like passwords, cryptographic systems, and other computer security procedures.

Content Scrambling System (CSS) protection on a DVD player is one example. CSS is a cryptographic method that prevents the illegal copying of DVD movie discs.

Complete Mediation

The notion of comprehensive mediation prohibits information caching, which frequently leads to more straightforward mechanism implementations. This concept states that every access to objects must be evaluated for conformity with a protection scheme to verify that they are permitted. As a result, performance enhancement approaches that preserve the information of prior authorization checks should be avoided because permissions might change over time.

When someone wants to access an item, the system should verify that the subject has the appropriate access privileges. The subject's access permissions are evaluated once during the initial access, and the system believes that the subject and object have the same access rights for subsequent accesses. The operating system should mediate all access to an object.

For example, an online banking website should ask users to check in again after a particular amount of time has passed, such as twenty minutes.

Separation of Privilege

According to this idea, a system should provide access authorization depending on the fulfilment of many conditions. Since it restricts access to system entities, this principle may be restrictive. As a result, more than two verifications should be completed before granting the privilege.

Two requirements must be completed to change to root.

• The user must know the root password.
• The user must be a member of the appropriate group (wheel).

Least Common Mechanism

This concept asserts that in systems with numerous users, procedures that allow multiple users to share resources should be limited to the greatest extent practicable. This idea may be limiting since it restricts resource sharing.

For example, suppose more than one person needs access to a file or programme. In that case, these users should access these resources over distinct channels, which helps to avoid unintended effects that might lead to security issues.

Psychological Acceptability

This concept asserts that if a security measure is not there, it should not make it more difficult to access the resource. In computer security, the psychological acceptability concept considers the human factor. The user will not apply the appropriate security procedures if security-related software or computer systems are too difficult to set up, maintain, or run. If a password is matched during a password change procedure, the password changing tool should explain why it was disallowed rather than simply returning an oblique error message. Simultaneously, apps should not transmit unneeded information that might undermine security.

For example, when we input an incorrect password, the system should merely inform us that the user id or password was incorrect. It should not alert us that only the password was incorrect, providing information to the attacker.

Work Factor

When constructing a security strategy, this concept emphasises that the cost of overcoming a security measure should be compared to the resources of a possible attacker. In some instances, the cost of avoiding (also known as the effort factor) can be computed. To put it another way, the work factor is a specific cryptographic metric for determining the strength of a cypher. Although it may not directly relate to cybersecurity, the general notion does.

Assume that 24⁴ = 331776 trials are required to attempt all possible four-character passwords. A four-character password could be sufficient if the potential attacker must try each experimental password at a terminal. On the other hand, a four-letter password would be a minor stumbling block for a prospective intruder if they had access to an astronomical computer capable of testing a million passwords every second.

Compromise Recording

The compromise recording concept suggests that recording the specifics of an incursion is sometimes preferable to taking a more complex action to avoid it.

For example, servers may store logs of every file access in an office network, all emails sent and received, and web surfing sessions. Another example is Internet-connected surveillance cameras, a common type of compromise recording system installed to defend a structure.

FAQs

1. What do you mean by the cyber security principle?

Ans: The internet industry and government in the United Kingdom recognised the need to produce a set of Guiding Principles to improve ISP customers' online security and prevent the surge in cyber-attacks. For these goals, cyber security principles entail safeguarding critical information, processes, and systems connected to or kept online, with a broad view spanning the human, technological, and physical domains.

2. What are the principles of cyber security? Name them.

Ans: The following are some of the essential cybersecurity principles:

1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording

3. What is the purpose of the cyber security principle?

Ans: The cyber security principles are designed to give organisations strategic direction on safeguarding their systems and data against cyber attacks.

4. What do you mean by fail-safe defaults?

Ans: The principle of fail-safe defaults asserts that a subject should be refused access to an object until it is explicitly granted access. According to this concept, the default access to an object must be none.

5. What is the least common mechanism?

Ans: According to the idea of the least common mechanism, strategies for gaining access to resources should not be shared. Sharing resources creates a conduit via which information might be conveyed; hence it should be avoided as much as possible.

Key Takeaways

In this article, we have discussed cyber security principles like the economy of mechanism, fail-safe defaults, least privilege, open design, etc. We also have discussed the purpose of the cyber security principle.

We hope that this blog has helped you enhance your knowledge regarding cyber security principles and if you would like to learn more, check out our articles on Cyber Security Technology, Security Goals and Security Policy.

Refer to our guided paths on Coding Ninjas Studio to learn more about DSA, Competitive Programming, JavaScript, System Design, etc. Enrol in our courses and refer to the mock test and problems available, Take a look at the interview experiences and interview bundle for placement preparations.

Do upvote our blog to help other ninjas grow. 

Happy Coding!