Security Principles
The security principles provide high-level guidance for the design of system security. These principles are abstracted into 3 levels:
- Security Architecture Enterprise Principles
- Security Architecture Design Principles
- Security Architecture System Principles
These principles impact Enterprise Security Architecture.
System Principles
- Least Privilege
  - An entity should have the least privilege necessary to carry out its responsibilities, granted for the minimum time needed.
- Privilege Separation
  - Compartmentalisation of privileges.
- Fail Safe Defaults
  - System defaults should be secure.
- Complete Mediation
  - Every access to a resource should be checked to see if it is allowed. This is an audit.
- Least Common Mechanism
- Minimise Attack Surface
- Limit Trust
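The following sketch is an added example, not part of the original page. It shows Least Privilege (narrow, time-limited grants), Fail Safe Defaults (deny unless a grant matches) and Complete Mediation (every access checked and recorded) working together. The `Mediator` and `Grant` classes and the subject and resource names are hypothetical.

```python
import time
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Grant:
    subject: str
    resource: str
    action: str
    expires_at: float  # least privilege: held only for the minimum time needed


@dataclass
class Mediator:
    """Hypothetical reference monitor; all names here are illustrative."""
    grants: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def grant(self, subject, resource, action, ttl_seconds, now=None):
        now = time.time() if now is None else now
        self.grants.append(Grant(subject, resource, action, now + ttl_seconds))

    def check(self, subject, resource, action, now=None):
        """Complete mediation: called on every access, result never cached."""
        now = time.time() if now is None else now
        allowed = False  # fail-safe default: deny unless a live grant matches
        for g in self.grants:
            if (g.subject, g.resource, g.action) == (subject, resource, action) \
                    and now < g.expires_at:
                allowed = True
                break
        # Every decision, allow or deny, is recorded for audit.
        self.audit_log.append((now, subject, resource, action, allowed))
        return allowed


def demo():
    m = Mediator()
    # Constructed sample: a backup job may read one database for 60 seconds.
    m.grant("backup-job", "db/orders", "read", ttl_seconds=60, now=1000.0)
    decisions = [
        m.check("backup-job", "db/orders", "read", now=1010.0),   # within grant
        m.check("backup-job", "db/orders", "write", now=1010.0),  # never granted
        m.check("backup-job", "db/users", "read", now=1010.0),    # other resource
        m.check("backup-job", "db/orders", "read", now=1061.0),   # grant expired
    ]
    return decisions, m.audit_log


if __name__ == "__main__":
    print(demo())
```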