Principles Separation of Domains/Duties Isolation Encapsulation Modularity Simplicity of Design Minimization of Implementation Open design Complete Mediation Definitions Is a principle that does not allow This principle protects a one user to have enough access company from a user having to to misuse the system. many permissions and causing problems. The separation of a computer Protects against potential threats network into different zones by containing a threat in a with different trust levels. certain zone instead of contaminating the entire network. Containment of data in a single Protects against attack by not unit. allowing access to the data from code outside of the unit. Are the components of modules If an attack takes place and one of a system. Module module is damaged it can be components can be replaced replaced without ruining the rest without affecting other of the system. components. A less complex system allows Allows for early detection of IT to identify unwanted access open ports so that they may be paths faster. closed before an attack occurs. Principle that keeps things Allows the restriction of small, simple, and easily unwanted data and only accept controllable. data to fulfill a specific purpose. Security of a device or network Ensure a strong security set up should not fully rely on it design outside of how the device or secrecy. network is designed. Ensure that all devices accessing Protects against unauthorized a certain object are allowed. access to a device or network. Least privilege Minimum level of access or permissions to an employee needed to complete their job. Fail Safe Defaults/Fail Secure Denies access to an object unless that subject has the correct permissions/access New security measures should not make a resource more difficult to access for employees. Least Astonishment Explanations Protects against an employee having access or permissions into an area of the company that they have no business being in. Protects against unwanted access to devices and the network. Allows for smooth transition into a new security system without needing to learn new accesses. Minimize Trust Surface Usability Trust Relationships Allow only those on an need to know basis the trust to access a device. The experience a person has when using a system or device. The communication link between two domains. Protects against unwanted accesses. Helps a company decide what security devices to go with based on the user interface. Allows access to different domains for information and data sharing purposes. References. Cyber security principles. Cyber Security Principles | Cyber.gov.au. (n.d.). Retrieved November 17, 2021, from https://www.cyber.gov.au/acsc/view-all-content/advice/cybersecurity-principles. Understanding Domain Separation. - - now support portal. (n.d.). Retrieved November 17, 2021, from https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0715934 #:~:text=Domain%20separation%20allows%20you%20to,this%20separation%20in%20di fferent%20ways.&text=Also%20like%20a%20tenant%20in,that%20other%20domai ns%20cannot%20see. Be ambitious. Insight. (n.d.). Retrieved November 17, 2021, from https://www.insight.com/en_US/be-ambitious.html?utm_medium=paidsearch&utm_source=adwords&utm_campaign=brand_na_na_beambitious_q421.