Cybersecurity Principles
The intent of the Cybersecurity Principles Knowledge Unit is to provide students with basic security design fundamentals that help create systems that are worthy of being trusted.
Topics
- Principles
a. Separation (of domains/duties)
b. Isolation
c. Encapsulation
d. Modularity
e. Simplicity of design (Economy of Mechanism)
f. Minimization of implementation (Least Common Mechanism)
g. Open Design
h. Complete Mediation
i. Layering (Defense in depth)
j. Least Privilege
k. Fail Safe Defaults / Fail Secure
l. Least Astonishment (Psychological Acceptability)
m. Minimize Trust Surface (Reluctance to trust)
n. Usability
o. Trust relationships
- Principles (must cover all of the sub-Topics)
- Principles: Separation (of domains/duties), Isolation, Encapsulation, Modularity, Minimization of implementation (Least Common Mechanism), Open Design, Complete Mediation, Layering (Defense in depth), Least Privilege, Fail Safe Defaults / Fail Secure, Least Astonishment (Psychological Acceptability), Minimize Trust Surface (Reluctance to trust), Usability, Trust relationships
Outcomes
- Define the principles of cybersecurity.
- Describe why each principle is important to security and how it enables the development of security mechanisms that can implement desired security policies.
- Analyze common security failures and identify specific design principles that have been violated.
- Given a specific scenario, identify the design principles involved or needed.
- Understand the interaction between security and system usability and the importance of minimizing the effects of security mechanisms.
KSA-T
Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.
| ID | DESCRIPTION |
| --- | --- |
| K0004 | Knowledge of cybersecurity and privacy principles. |
| K0152 | Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization). |
| K0179 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
| K0289 | Knowledge of system/server diagnostic tools and fault identification techniques. |
| K0049 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
| K0112 | Knowledge of defense-in-depth principles and network security architecture. |
| K0045 | Knowledge of information security systems engineering principles (NIST SP 800-160). |
| K0038 | Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data. |
| K0044 | Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |

| ID | DESCRIPTION |
| --- | --- |
| S0157 | Skill in recovering failed systems/servers. (e.g., recovery software, failover clusters, replication, etc.). |
| S0023 | Skill in designing security controls based on cybersecurity principles and tenets. |
| S0367 | Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |

| ID | DESCRIPTION |
| --- | --- |
| A0123 | Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |