1 - Secure Design Principles - Coggle Diagram
Objects and Subjects
Transitive Trust
A trusts B and B trusts C, so A trusts C
Subject = Actor
Object = passive resource
Closed and Open Systems
Closed systems
Designed to work well with a narrow range of other systems, generally all from the same manufacturer
Often proprietary and not normally disclosed
Open systems
Designed using agreed-on industry standards
Much easier to integrate with systems from different manufacturers that support the same standards or that use compatible application programming interfaces (APIs)
Open-source vs. closed-source
A closed system can be open-source or closed-source
An open system can be open-source or closed-source
Secure defaults
Never assume that the default settings of any product are secure
Make the default settings more constraining, and therefore more secure
Fail securely
Exception management
Input validation/sanitization/filtering
Physical and digital products
Fail-Open
System remains open or accessible when it fails.
Fail-Closed
System blocks all access or traffic when it fails.
Fail-Safe
System defaults to a safe state for people when it fails.
Fail-Secure
System defaults to a secure (locked) state when it fails.
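To make the fail-open/fail-closed distinction and the "exception management" point concrete, here is an added Python example (not part of the original mind map): a small access gate in which the policy table, its simulated outage, the action allowlist and the request records are all constructed. The fail-closed gate denies on any error or unknown input; the fail-open gate, kept only for contrast, grants when the check itself breaks.

```python
"""Fail-open vs. fail-closed handling of an authorization check.

All data here (policy table, outage flag, requests) is constructed for
illustration; nothing is taken from a real system.
"""
from dataclasses import dataclass


class PolicyUnavailable(Exception):
    """Raised when the policy store cannot answer (simulated outage)."""


@dataclass(frozen=True)
class Request:
    subject: str   # the actor
    action: str
    obj: str       # the passive resource


ALLOWED_ACTIONS = {"read", "write"}                     # input allowlist
POLICY = {                                              # constructed policy
    ("alice", "read", "payroll"): True,
    ("bob", "read", "payroll"): False,
}


def validate(req: Request) -> None:
    """Input validation: reject anything outside the expected shape."""
    if req.action not in ALLOWED_ACTIONS:
        raise ValueError(f"unknown action {req.action!r}")
    if not (req.subject.isalnum() and req.obj.isalnum()):
        raise ValueError("subject/object must be alphanumeric")


def lookup(req: Request, backend_up: bool) -> bool:
    """Consult the policy store; unknown tuples default to deny."""
    if not backend_up:
        raise PolicyUnavailable("policy store unreachable")
    return POLICY.get((req.subject, req.action, req.obj), False)


def gate_fail_closed(req: Request, backend_up: bool = True) -> dict:
    """Fail securely: any exception in the check results in a denial."""
    try:
        validate(req)
        return {"allowed": lookup(req, backend_up), "reason": "policy"}
    except Exception as exc:               # broad on purpose: deny on anything
        return {"allowed": False, "reason": f"fail-closed: {exc}"}


def gate_fail_open(req: Request, backend_up: bool = True) -> dict:
    """Anti-pattern: an exception in the check grants access."""
    try:
        validate(req)
        return {"allowed": lookup(req, backend_up), "reason": "policy"}
    except Exception as exc:
        return {"allowed": True, "reason": f"fail-open: {exc}"}
```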
Keep it simple and small
The more complex a system, the more difficult it is to secure
"Don't repeat yourself" (DRY) => eliminate redundancy
Computing minimalism => use the least necessary hardware and software resources possible
Rule of Least Power => Use the least powerful programming language that is suitable for the needed solution
Worse is better => The quality of software does not necessarily increase with increased capabilities and functions
"You aren't gonna need it" (YAGNI) => do not write capabilities or functions until you actually need them
Zero trust
Nothing and no person inside the organization is automatically trusted
Always assume a security breach has occurred and that whoever or whatever is making a request could be malicious
Goal: have every access request be authenticated, authorized, and encrypted prior to the access being granted to a resource or asset.
Micro-segmentation: divide an internal network into numerous subzones with separation between them by an internal segmentation firewall (ISFW), subnets or VLANs
Requirements
ISFW
MFA
IAM
Nextgen endpoint security
NIST SP 800-207 "Zero Trust Architecture"
Privacy by design
Global Privacy Standard (GPS)
Secure Access Service Edge (SASE)
SASE (Secure Access Service Edge) combines network connectivity and cloud-based security controls.
It verifies who the user is and what they can access, enforcing policy at the edge — instead of inside the corporate network like a traditional VPN.
Threat Modeling
Least privilege
Defense in Depth
Separation of duties
Shared responsibility
Trust but verify
No longer adequate, as it leaves the security risks posed by internal threats unaddressed