Understanding Security Principles

๐Ÿ›ก๏ธ Understanding Security Principles: A Simple Guide

By Sylvester | August 2025


๐Ÿ” Introduction

In today's digital world, security is more important than ever. Whether you're protecting your data, your organization, or your personal devices, understanding the core security principles is key.

This blog breaks down essential security concepts in a simple, beginner-friendly way. Letโ€™s dive in!


๐Ÿ” CIA and DAD โ€“ The Foundation of Security

CIA โ€“ The Pillars of Security

  1. Confidentiality โ€“ Keep data secret. Only authorized people should see it.

  2. Integrity โ€“ Make sure data is not changed without permission.

  3. Availability โ€“ Ensure data and services are available when needed.

DAD โ€“ Common Attacks on Security

  1. Disclosure โ€“ Data is leaked or exposed.

  2. Alteration โ€“ Data is changed by attackers.

  3. Denial โ€“ Access is blocked or disrupted.


๐Ÿ› ๏ธ Important Security Terms Explained

  • Vulnerability โ€“ A weakness in a system (e.g., weak passwords, open ports).

  • Threat โ€“ A potential danger that can exploit a weakness (e.g., a hacker).

  • Risk โ€“ The chance a threat will exploit a vulnerability and the impact it could have.

Example:
A car showroom with big glass windows has a vulnerability (glass). A thief breaking it is the threat. The risk is the chance the glass will break and the loss it may cause.


๐Ÿ›๏ธ Key Security Models

We explored three popular security models:

  • Bell-LaPadula โ€“ Focuses on data confidentiality.

  • Biba Model โ€“ Focuses on data integrity.

  • Clark-Wilson Model โ€“ Focuses on access control and well-formed transactions.


๐Ÿงฑ ISO/IEC 19249 โ€“ Secure Design Principles

Architectural Principles:

  1. Domain Separation โ€“ Keep different system parts separate.

  2. Layering โ€“ Use layers (like OSI model) to apply security at each level.

  3. Encapsulation โ€“ Hide details and only show safe access methods.

  4. Redundancy โ€“ Have backups and failover systems.

  5. Virtualization โ€“ Use virtual machines to isolate and secure environments.

Design Principles:

  1. Least Privilege โ€“ Give only the access needed โ€” nothing more.

  2. Attack Surface Minimization โ€“ Disable whatโ€™s not needed to reduce risk.

  3. Centralized Parameter Validation โ€“ Validate inputs in one safe place.

  4. Centralized Security Services โ€“ Keep security functions like authentication in one controlled system.

  5. Error and Exception Handling โ€“ Systems should fail safely and not leak sensitive info.


๐Ÿง  Defence in Depth

Defence in Depth means using multiple layers of security.

Example:
Lock your drawer โžœ lock your room โžœ lock the house โžœ security cameras.
Even if one layer fails, others are there to protect you.


๐Ÿค Trust but Verify vs. Zero Trust

๐Ÿ” Trust but Verify:

  • Trust people/systems but still monitor them.

  • Use logging, proxies, and intrusion detection to track actions.

  • You assume things are fine โ€” but double-check.

โŒ Zero Trust:

  • Never trust by default โ€” always verify.

  • Every access request must be checked, no matter where itโ€™s coming from.

  • Uses microsegmentation to isolate parts of a system.


โ˜๏ธ Shared Responsibility in the Cloud

As more companies move to the cloud, security is shared between:

  • Cloud Providers (e.g., AWS, Azure)

  • Cloud Customers/Users

Depending on what service you use:

Cloud ModelWho Controls What
IaaSYou manage OS, apps, data
SaaSProvider manages everything except your data usage

Shared Responsibility Model ensures both parties understand and manage their part of security.


๐Ÿ Conclusion

Youโ€™ve now got a clear understanding of:

  • CIA & DAD

  • Vulnerability, Threat, and Risk

  • Key security models

  • ISO/IEC 19249 principles

  • Defence in Depth, Trust but Verify, and Zero Trust

  • The Shared Responsibility Model in cloud security

Youโ€™re ready to explore more! ๐Ÿ‘‰ Next up: Intro to Cryptography


Thanks for reading! Stay secure, stay curious. ๐Ÿ”๐Ÿ’ป
โ€“ Sylvester

0
Subscribe to my newsletter

Read articles from Sylvester (ANBU) directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Sylvester (ANBU)
Sylvester (ANBU)

This blog serves as a beginner-friendly guide to understanding the world of cybersecurity. From defining what cybersecurity is to exploring its two major domainsโ€”offensive and defensive securityโ€”it breaks down various career paths such as Security Analyst, Engineer, Penetration Tester, and more. Whether you're just curious or planning a career, this blog gives you the insight and direction to get started in the cybersecurity field.