Secure system design principles: CISSP exam concepts and frameworks
Secure system design principles guide the mechanisms of any infrastructure that treats security as a foundational element. Separation of privilege, fail-safe defaults and mechanism economy are just a few of the concepts that might appear on the CISSP exam. CISSP domain three, Security Architecture and Engineering, is weighted at 13% of the total exam and quizzes exam takers on systems, applications, operating systems and the control processes used for multi-layered, modern-day security.
Security engineering covers the planning, design and principles of security systems and includes concepts like threat modeling, failing securely, separation of duties and more. Look at the CISSP domains overview for a more thorough breakdown of each section.
For more CISSP exam tips, get our free CISSP exam tips and tricks ebook, or watch our free one-hour CISSP exam tips course with an instructor whose students have a 95% pass rate.
Earn your CISSP, guaranteed!
1. The least privilege principle
The least privilege principle aims to give users the least possible set of privileges to perform an action or their job duties. Benefits include improving an organization’s overall cybersecurity posture, reducing unauthorized access to sensitive systems and reducing potential downtime.
Here are a few different scenarios:
- The CEO might have unrestricted access to all files and applications
- An account executive might have access to all CRM, marketing and sales software needed for their job but not product development tools
- An entry-level software engineer might need access to code repositories but not the ability to push code changes live without approval
Under the principle of least privilege, security professionals continuously enable and disable credentials and grant temporary access for specific tasks.
2. Fail-safe defaults
Also known as “secure by default,” this concept states that all access should be denied unless specifically granted, and that when an error occurs, the system reverts automatically to a safe state. These structures help maintain confidentiality, integrity and security.
Access decisions are not made on exclusions; they are made on explicit permissions, and the default is always to deny access. For example, an email account is temporarily locked if a user has multiple failed password attempts, and new file repositories are created with no access, with users granted access as needed.
3. Mechanism economy
Mechanism economy refers to the idea that security mechanisms should be kept as simple as possible. The more complex they are, the more likely they are to be misunderstood, misconfigured or implemented incorrectly.
Other important concepts include:
- Less can go wrong
- In case of an error, a simpler system is easier to diagnose and fix
- Integrations with other systems are easier and more straightforward
For example, instead of building a custom sign-on process from scratch, software development teams can use an identity provider such as Google or Okta over a standard protocol like OAuth for secure single sign-on. The provider already maintains this system, and it is widely adopted by businesses.
4. Full mediation
Full mediation ensures that every request to access an object is verified. This is another layer that prevents unauthorized access. For example, every time a user wants to access the sales CRM, access must be granted afresh instead of relying on a previous decision.
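The following is an added example, not code from the original article: a small reference monitor that applies three of the principles above. Grants are explicit and may carry an expiry (temporary access under least privilege), anything not granted or anything that errors is denied (fail-safe defaults), and the live policy is consulted on every request so a revocation or expiry takes effect immediately (full mediation). All names, the lockout threshold and the sample policy are assumptions.

```python
from collections import defaultdict

MAX_FAILED_LOGINS = 3  # assumed lockout threshold

class PolicyStore:
    """Explicit, optionally time-limited grants; anything not listed is denied."""
    def __init__(self):
        self.grants = defaultdict(dict)   # (user, resource) -> {action: expires_at or None}
        self.failed_logins = defaultdict(int)
        self.locked = set()

    def grant(self, user, resource, action, expires_at=None):
        # None is a standing grant; a timestamp gives temporary access (least privilege)
        self.grants[(user, resource)][action] = expires_at

    def revoke(self, user, resource, action):
        self.grants[(user, resource)].pop(action, None)

    def lookup(self, user, resource, now):
        """Actions currently granted; expired grants are dropped here."""
        return {a for a, exp in self.grants.get((user, resource), {}).items()
                if exp is None or now < exp}

def is_allowed(store, user, resource, action, now=0):
    """Full mediation: the store is queried on every call, so a revocation or
    expiry is seen on the next request.  Fail-safe default: only a live explicit
    grant yields True; a locked account or a failing lookup yields deny."""
    try:
        if user in store.locked:
            return False
        return action in store.lookup(user, resource, now)
    except Exception:
        return False  # fail closed, never open

def record_login_attempt(store, user, succeeded):
    """Lock the account after MAX_FAILED_LOGINS consecutive failures."""
    if user in store.locked:
        return False
    if succeeded:
        store.failed_logins[user] = 0
        return True
    store.failed_logins[user] += 1
    if store.failed_logins[user] >= MAX_FAILED_LOGINS:
        store.locked.add(user)
    return False

class UnreachableStore(PolicyStore):
    """Constructed stand-in for a policy service that is down."""
    def lookup(self, user, resource, now):
        raise ConnectionError("policy service unavailable")
```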
5. The openness of the design
Under this principle, openness of design means a system’s security must never depend on its design or implementation being kept secret.
6. Separation of privilege
Like other access control concepts, separation of privilege means rights are divided among multiple individuals so that no single entity has complete control over everything. This division of power separates users with different levels of access based on permissions, trust and needs, and it removes the single point of failure.
Compared to the concept of least privilege, separation of duties is more about splitting tasks to reduce the chance of unauthorized access. Least privilege means users only receive access to systems they need to complete their work.
For example, the separation of privilege in a financial department might mean one employee can approve payments, one approves reimbursements and a more senior manager approves if a transaction is above a certain amount. Least privilege would mean these three different employees have different levels of access to the payroll provider, banking system and company credit cards.
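An added example (not from the original article) of the finance workflow described above as an approval check: each role may approve only its own kind of transaction, nobody may approve their own request, and amounts above a threshold also need a senior manager. The roles, the threshold and the sample transactions are assumptions.

```python
from dataclasses import dataclass

SENIOR_APPROVAL_THRESHOLD = 10_000  # assumed amount above which a senior manager must also sign

# Which role may approve which kind of transaction: privilege is split so that
# no single role can authorize every payment (separation of privilege).
ROLE_CAN_APPROVE = {
    "payments_clerk": {"payment"},
    "reimbursements_clerk": {"reimbursement"},
    "senior_manager": {"payment", "reimbursement"},
}

@dataclass(frozen=True)
class Approval:
    approver: str   # who signed off
    role: str       # the role they signed under

@dataclass(frozen=True)
class Transaction:
    requester: str
    kind: str         # "payment" or "reimbursement"
    amount: int
    approvals: tuple  # of Approval

def approval_errors(tx):
    """Return the rules the transaction violates; an empty list means it may proceed."""
    errors = []
    if not tx.approvals:
        errors.append("no approval recorded")
    for a in tx.approvals:
        if a.approver == tx.requester:
            errors.append(f"{a.approver} cannot approve their own request")
        if tx.kind not in ROLE_CAN_APPROVE.get(a.role, set()):
            errors.append(f"role {a.role} may not approve {tx.kind}")
    if len({a.approver for a in tx.approvals}) < len(tx.approvals):
        errors.append("the same person signed more than once")
    if tx.amount > SENIOR_APPROVAL_THRESHOLD and not any(
            a.role == "senior_manager" for a in tx.approvals):
        errors.append("amount above threshold requires senior manager approval")
    return errors

def is_approved(tx):
    return not approval_errors(tx)
```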
7. Efficiency
This concept dictates that once a security mechanism is implemented, the resource should not be more difficult to access than it would have been if the mechanism were absent. Some people assume efficiency can only be gained by compromising security, but the two concepts should work together.
Choosing the right security framework
A security framework is a series of standardized processes used to define the procedures and policies of a system. Several different security frameworks act as the blueprint for building a strong information security program that reduces vulnerability and mitigates risk. Depending on the level of complexity, the need for scalability and the type of organization, different frameworks might work better than others.
Take a look at some of the most well-known security frameworks that might appear on the CISSP:
COBIT
The Control Objectives for Information and Related Technologies (COBIT) framework is an IT governance framework that helps businesses manage compliance and risk and align their IT strategy with overall business goals. COBIT was created by ISACA (the Information Systems Audit and Control Association) to help IT managers, and the latest update is COBIT 2019.
It’s based on five principles:
- Meeting stakeholder needs
- Securing the business from end to end
- Applying a single, integrated framework
- Taking a holistic approach
- Separating governance from management
NIST SP 800 series
The National Institute of Standards and Technology (NIST) SP 800 series is another framework of guidelines, recommendations and technical specifications for cybersecurity, sometimes referred to as the “bible of information security.” These documents were developed specifically for the US federal government, but they help businesses of all sizes better secure their organizations and reduce cybersecurity risk.
ISO 27000 series
From the International Organization for Standardization (ISO), the ISO 27000 series is a broad information security framework for businesses of all sizes. Similar to ISO 9000 for manufacturing quality, the ISO 27000 series has multiple sub-standards covering different areas.
SABSA
The Sherwood Applied Business Security Architecture (SABSA) is a methodology for developing risk-focused systems at both the enterprise and solution levels. While it is independent of the Zachman Framework, a fundamental structure for enterprise architecture, it is built on a similar idea: every element of the architecture must be derived from the basis of security.
ITIL
The Information Technology Infrastructure Library (ITIL) is another framework that includes best practices for managing IT services and aligning them with overall business strategy. It aims to standardize the selection, planning, delivery, maintenance and overall lifecycle of IT services with better efficiency and continued uptime. The latest version, ITIL 4, was released in 2019 with a holistic approach to IT-enabled services and better alignment with the digital era.
Prepare for the CISSP
The CISSP is the most requested cybersecurity certification in US job listings, so adding this stamp of validation to your resume is crucial for mid-career security professionals. With the ever-changing security design principles and requirements, prepare for the CISSP exam with a training boot camp packed with the latest content, methodologies, frameworks and concepts. Learn more about the exam, best practices and training resources in the CISSP exam hub.