Cybersecurity Principles (2020)
The intent of the Cybersecurity Principles Knowledge Unit is to provide students with basic security design fundamentals that help create systems that are worthy of being trusted.
- 1 Outcomes
- 2 Topics
- 3 Skills
- 4 Vocabulary
- 5 NICE Framework Categories
- 6 Specialization Areas
- 7 See also
- 8 Further reading
- 9 Sample knowledge test
- 10 Sample skills test
- 11 Sample abilities test
- 12 Additional notes or materials
- 13 Contacts
- 14 Reference ID
To complete this KU, students should be able to:
- Define the principles of cybersecurity.
- Describe why each principle is important to security and how it enables the development of security mechanisms that can implement desired security policies.
- Analyze common security failures and identify specific design principles that have been violated.
- Given a specific scenario, identify the design principles involved or needed.
- Understand the interaction between security and system usability and the importance for minimizing the effects of security mechanisms.
- Principles (must cover all of the sub-topics)
- Separation (of domains/duties)
- Simplicity of design (Economy of Mechanism)
- Minimization of implementation (Least Common Mechanism)
- Open Design
- Complete Mediation
- Layering (Defense in depth)
- Least Privilege
- Fail Safe Defaults / Fail Secure
- Least Astonishment (Psychological Acceptability)
- Minimize Trust Surface (Reluctance to trust)
- Trust relationships
Packet, risk, secure system, trust, trusted system, trustworthy, vulnerability
NICE Framework Categories
Because it is a Foundational KU, it is by default in all Specialization Areas.
Related Knowledge Units
Suggested academic readings
Sample knowledge test
Sample skills test
Sample abilities test
Additional notes or materials
Reference: Design Principles Michael Gegick and Sean Barnum. Published: September 19, 2005 | Last revised: May 13, 2013