Security Principles Flashcards

1
Q

Name 10 Security Principles

A

Least Privilege, Complete Mediation, Secure fail-safe defaults / Implicit deny, Compartmentalization, Minimum Exposure, Open Design, Economy of Mechanism, Defense in Depth, Least Common Mechanism, Psychological Acceptability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the principle of Least Privilege?

A

A subject should not have more privileges than necessary to complete its approved job.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the principle of Complete Mediation?

A

Access to every object must be controlled in a way not circumventable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the principle of Secure, fail-safe defaults / Implicit deny?

A

Security systems should start in a secure state and return to a secure default state in case of failures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is the principle of Compartmentalization?

A

Organize resources into groups isolated from each other, except for limited, controlled means of communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is the principle of Minimum Exposure?

A

Minimizing the “attack surface” the system presents to a potential adversary

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the principle of Open Design?

A

No security by obscurity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is the principle of Economy of Mechanism

A

Security mechanisms should be as simple as possible

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the principle of Defense in Depth?

A

A system should employ multiple layers of security mechanisms to hinder a potential attacker

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the principle of Least Common Mechanism?

A

Mechanisms used to access resources should not be shared.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the principle of Psychological Acceptability?

A

A security mechanism should not make a resource more difficult to access than if the mechanism was not present.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the major limitation of security principles?

A

They are abstract and not constructive

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Can we define security design patterns?

A

Yes and no. On a high (abstraction) level this is possible (principles, architecture e.g. DMZ). On a lower level this is difficult as security is a cross-cutting concern.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly