DENNIS OSADEBAY UNIVERSITY
FACULTY OF COMPUTING
DEPARTMENT OF CYBER SECURITY
COURSE TITLE: INTRODUCTION TO CYBERSECURITY AND STRATEGY (2 Units C: LH 30)
COURSE CODE: CYB 211
TOPIC: CYBER SECURITY DESIGN PRINCIPLES
1. Economy of Mechanism
2. Fail-safe defaults
3. Least privilege
4. Open design
5. Separation of Privilege
6. Complete mediation
7. Least Common Mechanism
8. Work factor
9. Psychological acceptability
10. Compromise Recording
11. Principles of defense in depth
INTRODUCTION TO CYBER SECURITY AND STRATEGY CYB 211 Page |1
Economy of Mechanism
Keep the design of security mechanisms as small and simple as possible. A complex
mechanism is harder to implement correctly and harder to review line by line for flaws, so it
is more likely to contain errors that an attacker can exploit.
An example of economy of mechanism is a single sign-on (SSO) system. Instead of each
application (email, project management, file storage, etc.) running its own login, users
authenticate once to the SSO service and are granted access to all approved applications.
This reduces the number of passwords and access points that have to be managed, lowers the
likelihood of configuration errors, and shrinks the amount of authentication code that must be
reviewed. The trade-off is that the SSO service becomes a single high-value component that
must itself be kept simple and well protected.
Another example would be to design login forms with clear, minimal functionality (username,
password fields only) instead of embedding complex scripts that may introduce vulnerabilities.
Fail-safe Defaults
The principle of fail-safe defaults states that, unless a subject is given explicit access to an object,
it should be denied access to that object. The Fail-Safe Defaults principle ensures that systems
default to a secure state in the event of an error or failure.
In general, when an error or failure occurs, the system should deny access to protected
objects and configuration settings until it is restored to a known-good state, rather than
"fail open".
Fail-safe defaults prioritize security over convenience, ensuring that systems deny access unless
explicitly allowed. This principle is critical for maintaining security during unforeseen events or
system malfunctions.
Example: When configuring a file-sharing server, administrators set the default permissions to
“deny” for all new users. If a user account is created without specific permissions, they won’t have
access to any files unless explicitly granted. This ensures that accidental permissions are not open
by default, preventing unauthorized access.
Another example: A building uses an electronic keycard system for access. If the system fails
(e.g., power outage or server crash), the secure default is for the doors to stay locked,
preventing unauthorized entry; authorized personnel then follow backup procedures (such as
manual keys) to regain access. Note that physical access-control vendors call such a lock
"fail-secure"; in their vocabulary "fail-safe" means a lock that releases on power loss so
that people can get out in an emergency. Fire-exit doors are fail-safe in that sense, so a
real design balances the secure default against life safety.
Least Privilege
The principle of least privilege maintains that a user or entity should only have access to the
specific data, resources and applications needed to complete a required task.
Example: A customer service employee needs access to view, but not edit, customer records. They
are given “read-only” access to the database. If they don’t need to update records to perform
their job, this restricted access prevents accidental or malicious changes to customer data.
Open Design
It states that the security of a mechanism should not depend on the secrecy of its design or
implementation. If a mechanism relies on the secrecy of its design to protect data, it is wide
open to attack as soon as that secret leaks, and design details leak easily (through reverse
engineering, former employees, or documentation). Security should instead rest on a small,
easily changed secret such as a key (Kerckhoffs's principle).
Wikipedia’s open structure aligns well with the Open Design philosophy by ensuring that
transparency, community oversight, and accessibility are integral to its function and
trustworthiness.
Another example is AES (Advanced Encryption Standard). AES is not secret: its full
specification is published (FIPS 197) and it was chosen through an open competition in which
cryptographers worldwide analysed the candidates. Anyone can review its design and look for
weaknesses, and its security depends only on keeping the key secret, not the algorithm.
Separation of Privilege
The principle of separation of privilege states that a system should not grant permission based
upon a single condition. Multiple conditions need to be met in order to gain access to a given
process or object.
Example: In an online banking system, any large transaction requires both the account holder's
password and a one-time code sent to their registered phone. Because the two factors are
independent, compromising one of them (e.g., a phished password) is not enough: the
transaction cannot proceed without the second.
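The banking check above, written out as an added example (this is not code from the course
notes or from any bank). A large transfer is authorized only when two independent conditions
both hold: the password verifies against a stored PBKDF2 hash, and the one-time code verifies
as an HMAC-based OTP (HOTP, RFC 4226). The user record, password, salt, and transfer limit are
constructed for illustration; the OTP secret is the RFC 4226 test secret, so the codes can be
checked against the published test vectors.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


SALT = b"constructed-salt"          # assumption: one salt for the demo user
PBKDF2_ITERATIONS = 100_000


def make_user():
    """Constructed account record. In a real system the password hash and the
    OTP secret live in separate stores; the secret is provisioned to the phone."""
    return {
        "password_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, PBKDF2_ITERATIONS),
        "otp_secret": b"12345678901234567890",   # RFC 4226 test secret
        "otp_counter": 0,
        "large_transfer_limit": 10_000,          # assumed threshold (currency units)
    }


def check_password(user, password: str) -> bool:
    h = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, PBKDF2_ITERATIONS)
    return hmac.compare_digest(h, user["password_hash"])     # constant-time compare


def check_otp(user, code: str, window: int = 3) -> bool:
    """Accept the code for the next `window` counter values (the phone may be a
    step or two ahead), then move the counter past it so it cannot be replayed."""
    for i in range(window):
        c = user["otp_counter"] + i
        if hmac.compare_digest(hotp(user["otp_secret"], c), code):
            user["otp_counter"] = c + 1
            return True
    return False


def authorize_transfer(user, amount: int, password: str, otp_code=None) -> bool:
    """Separation of privilege: small transfers need the password; large ones
    need BOTH the password and a valid one-time code. The OTP is only consumed
    after the password has passed, so a wrong password never burns a code."""
    if not check_password(user, password):
        return False
    if amount < user["large_transfer_limit"]:
        return True
    if otp_code is None:
        return False
    return check_otp(user, otp_code)


if __name__ == "__main__":
    u = make_user()
    print("small transfer, password only:", authorize_transfer(u, 500, "correct horse"))
    print("large transfer, password only:", authorize_transfer(u, 50_000, "correct horse"))
    print("large transfer, password + OTP:", authorize_transfer(u, 50_000, "correct horse", hotp(u["otp_secret"], 0)))
    print("replay of the same OTP:", authorize_transfer(u, 50_000, "correct horse", hotp(u["otp_secret"], 0)))
```

The replay check matters in practice: a one-time code that can be reused is just a second
static password, which defeats the point of requiring a second, independent condition.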
Complete Mediation
This principle mandates that access rights are checked every time an access occurs, on every
path to the object. Authorization decisions should not be cached and reused indefinitely,
because the user's rights may have changed since the decision was made. Every user who gets
access to an object must be authorized for that access at that moment.
Example of Complete Mediation is the access control checks in an ATM (Automated Teller
Machine) system: Each time a user requests an action at an ATM—whether to view their balance,
withdraw cash, or transfer funds—the system performs a fresh authorization check. After entering
their PIN, the user’s permissions and account status are verified for each individual transaction.
Even if the user is already authenticated, the ATM does not assume continuous access rights.
Instead, it verifies their access level and checks for account constraints (e.g., sufficient funds or
transaction limits) on each transaction.
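The following added example (not code from the course notes) puts three of the principles
above into one small access-control layer: fail-safe defaults (a request with no matching rule,
an unknown role, or a malformed session is denied), least privilege (a support role that can
read customer records but not change them), and complete mediation (the check runs on every
call, so disabling an account takes effect on the very next request instead of at the next
login). The roles, users, records and the `mediated` decorator are constructed for
illustration.

```python
import functools
from dataclasses import dataclass

# Policy: role -> set of (action, resource) grants. Anything not listed is denied.
POLICY = {
    "support": {("read", "customer_records")},                            # least privilege
    "account_manager": {("read", "customer_records"), ("write", "customer_records")},
}


@dataclass
class Session:
    user: str
    role: str
    active: bool = True   # set to False when the account is disabled mid-session


def is_allowed(session, action, resource) -> bool:
    """Fail-safe default: True only on an explicit grant; any error means deny."""
    try:
        if not session.active:
            return False
        return (action, resource) in POLICY[session.role]
    except (KeyError, TypeError, AttributeError):
        # Unknown role or malformed session: deny rather than guess.
        return False


def mediated(action, resource):
    """Complete mediation: the policy is consulted on every call, never cached."""
    def wrap(fn):
        @functools.wraps(fn)
        def inner(session, *args, **kwargs):
            if not is_allowed(session, action, resource):
                raise PermissionError(f"{action} on {resource} denied")
            return fn(session, *args, **kwargs)
        return inner
    return wrap


RECORDS = {"C-1001": {"name": "A. Customer", "tier": "gold"}}   # constructed data


@mediated("read", "customer_records")
def view_record(session, cid):
    return dict(RECORDS[cid])


@mediated("write", "customer_records")
def update_record(session, cid, **changes):
    RECORDS[cid].update(changes)
    return dict(RECORDS[cid])


def demo():
    """Exercise the three behaviours and report what happened."""
    RECORDS["C-1001"]["tier"] = "gold"          # reset so the demo is repeatable
    support = Session("olu", "support")
    manager = Session("ada", "account_manager")
    results = {"support_read": view_record(support, "C-1001")["tier"]}
    try:
        update_record(support, "C-1001", tier="silver")
        results["support_write"] = "allowed"
    except PermissionError:
        results["support_write"] = "denied"      # least privilege: read-only role
    results["manager_write"] = update_record(manager, "C-1001", tier="silver")["tier"]
    manager.active = False                       # account disabled mid-session
    try:
        view_record(manager, "C-1001")
        results["revoked_read"] = "allowed"
    except PermissionError:
        results["revoked_read"] = "denied"       # complete mediation: takes effect now
    results["unknown_role"] = is_allowed(Session("x", "intern"), "read", "customer_records")
    return results


if __name__ == "__main__":
    print(demo())
```

The ATM analogy maps directly: `is_allowed` is the per-transaction authorization check, and
`manager.active = False` is the bank freezing a card while the customer is still standing at
the machine.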
Least Common Mechanism
The principle of least common mechanism states that mechanisms shared between users or
components should be minimized, because every shared mechanism is a potential channel for one
user to affect or learn about another, and a shared failure affects everyone who depends on
it. This principle has a cost: it limits the sharing of resources that would otherwise be
efficient.
Example: Instead of all departments in a company using a single, shared file server, each
department has its own dedicated server. If one server is compromised, only that department's
data is at risk; the blast radius of the incident is limited and the other departments are
protected.
Work Factor
The work factor is the amount of resources (time, money, computing power, expertise) an
attacker needs to breach the security of a system; in other words, the cost of circumventing
it. When designing a cyber security framework, it is essential to keep the work factor high so
that circumventing the system's security costs more than the attacker stands to gain.
Example: A company encrypts sensitive customer data using strong, industry-standard
encryption, such as AES with a 256-bit key. Recovering the data by trying every possible key
is computationally infeasible, so the attacker's effort is not worth the potential gain. The
caveat is that a work factor only holds for the attack it was measured against: a 256-bit key
protects nothing if the key is stored next to the data or derived from a weak password, and
attackers routinely go around a strong cipher rather than through it.
Another example- Physical Security:
Low Work Factor: A cheap padlock that can be picked with a basic tool in seconds.
High Work Factor: A bank vault designed to withstand drilling, explosives, and prolonged
attempts at unauthorized entry.
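Putting numbers on the work factor, as an added example that is not part of the course notes.
Two attacker costs are estimated: exhaustive search of a symmetric key of a given size, and
guessing a password whose stored hash uses a tunable PBKDF2 iteration count (the defender's
work-factor knob). The attacker speeds (10^12 AES keys per second, 10^9 raw SHA-256
computations per second) and the password shape are assumptions chosen for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def key_search_years(key_bits: int, keys_per_second: float) -> float:
    """Expected exhaustive-search time: on average half the keyspace is tried."""
    return (2 ** (key_bits - 1)) / keys_per_second / SECONDS_PER_YEAR


def hash_password(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256. Raising `iterations` raises the attacker's cost per
    guess by the same factor, because the attacker must do the same work."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def password_guess_years(charset_size: int, length: int, iterations: int,
                         raw_hashes_per_second: float) -> float:
    """Expected time to guess a random password of the given shape when each
    guess costs `iterations` hash computations."""
    guesses_per_second = raw_hashes_per_second / iterations
    return (charset_size ** length / 2) / guesses_per_second / SECONDS_PER_YEAR


def compare_work_factors() -> dict:
    """Assumed attacker: 1e12 keys/s against a block cipher, 1e9 raw SHA-256/s."""
    return {
        "des_56_bit": key_search_years(56, 1e12),
        "aes_128": key_search_years(128, 1e12),
        "aes_256": key_search_years(256, 1e12),
        "pw_8_lower_1_iter": password_guess_years(26, 8, 1, 1e9),
        "pw_8_lower_600k_iter": password_guess_years(26, 8, 600_000, 1e9),
    }


if __name__ == "__main__":
    for name, years in compare_work_factors().items():
        print(f"{name:>22}: {years:.3g} years")
    # Same password and salt, different iteration counts, different hashes:
    print(hash_password(b"hunter2", b"salt", 1_000).hex()[:16],
          hash_password(b"hunter2", b"salt", 600_000).hex()[:16])
```

The figures make the "cheap padlock versus bank vault" contrast concrete: a 56-bit key falls in
well under a year at the assumed rate, while 128- and 256-bit keys are beyond any brute force.
The password figures show the other side of the principle: an eight-character lowercase
password is guessed in seconds when the hash is a single SHA-256, but a 600,000-iteration
PBKDF2 multiplies the attacker's cost by 600,000 without changing the password at all.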
Psychological acceptability
The psychological acceptability principle recognizes the human element in computer security. It
is essential that the human interface is designed for ease of use so that users routinely and
automatically apply the protection mechanisms correctly.
It states that if security-related software or computer systems are too complicated to configure,
maintain, or operate, the user will not employ the necessary security mechanisms.
Example: A company implements fingerprint-based biometric logins for accessing secure areas,
rather than requiring complex passcodes. This makes security compliance easier and faster for
employees, reducing the chance they might bypass security measures to save time.
Compromise Recording
Compromise Recording is a security principle that emphasizes detecting and recording security
breaches rather than relying solely on prevention.
It implies that it is sometimes more practical to reliably record the details of an intrusion
than to adopt a more sophisticated (and expensive) measure to prevent it, provided the records
themselves cannot be altered by the intruder.
Example: A web application logs all login attempts, including failed ones, and monitors for
patterns of suspicious activity. If an attack occurs, the logs reveal how and when it happened.
For the records to be trustworthy, the logs should be shipped to a separate, append-only log
server that the attacked application cannot modify.
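The login-log example above, carried through as an added example that is not part of the
course notes: a parser for a simple structured login log and a detector that flags a burst of
failures from one source address and reports whether that address went on to log in
successfully (the sign that an account was compromised rather than merely attacked). The log
format and the log lines themselves are constructed for illustration; the threshold and window
are assumed tuning values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log excerpt. Format: "<ISO time> <OK|FAIL> user=<name> ip=<address>"
LOG = """\
2024-03-01T09:00:01 FAIL user=alice ip=203.0.113.7
2024-03-01T09:00:03 FAIL user=alice ip=203.0.113.7
2024-03-01T09:00:05 FAIL user=bob ip=203.0.113.7
2024-03-01T09:00:06 FAIL user=carol ip=203.0.113.7
2024-03-01T09:00:08 FAIL user=dave ip=203.0.113.7
2024-03-01T09:00:09 OK user=alice ip=203.0.113.7
2024-03-01T09:15:00 FAIL user=erin ip=198.51.100.2
2024-03-01T10:30:00 OK user=erin ip=198.51.100.2
"""


def parse(line: str) -> dict:
    """One log line -> event dict. Raises ValueError on a malformed line."""
    ts, result, user, ip = line.split()
    return {
        "time": datetime.fromisoformat(ts),
        "ok": result == "OK",
        "user": user.split("=", 1)[1],
        "ip": ip.split("=", 1)[1],
    }


def detect(log_text: str, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> list:
    """Flag each source IP with >= `threshold` failed logins inside a sliding
    `window`, listing the targeted accounts and any account that logged in
    successfully from that IP after the burst."""
    events = [parse(line) for line in log_text.splitlines() if line.strip()]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = []
    for ip, evs in by_ip.items():
        fails = sorted(e["time"] for e in evs if not e["ok"])
        for i in range(len(fails)):
            j = i
            while j < len(fails) and fails[j] - fails[i] <= window:
                j += 1
            if j - i >= threshold:                     # burst found starting at fails[i]
                burst_start, burst_end = fails[i], fails[j - 1]
                targeted = sorted({e["user"] for e in evs
                                   if not e["ok"] and burst_start <= e["time"] <= burst_end})
                success_after = sorted({e["user"] for e in evs
                                        if e["ok"] and e["time"] > burst_end})
                findings.append({"ip": ip, "failures": j - i, "users": targeted,
                                 "success_after": success_after})
                break                                  # one finding per IP is enough
    return findings


if __name__ == "__main__":
    for f in detect(LOG):
        print(f"{f['ip']}: {f['failures']} failures against {f['users']}; "
              f"logged in afterwards as {f['success_after'] or 'nobody'}")
```

Because the detector only needs timestamps, outcome, user and source address, the
application does not have to prevent the attack in real time to be useful: the record alone
tells the responder which accounts were sprayed and which one actually fell, which is exactly
the trade the principle describes.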
Principles of defense in depth
Defense in Depth is a security strategy that layers multiple, independent security controls
throughout a system to protect it at different levels. The idea is that if one layer of security fails,
other layers continue to protect the system, making it harder for attackers to succeed. This
principle is often described as "layered security" and is used widely in cybersecurity, military
defense, and critical infrastructure protection.
Example: A company’s data center has physical security (locked doors and CCTV), network
security (firewalls and intrusion detection), and application security (access controls and
encryption). This layered approach protects against a variety of attacks.
Another example: A network uses firewalls, intrusion detection systems (IDS), and antivirus
software together to ensure multiple layers of protection.