Understanding Security Principles: A Simple Guide
By Sylvester | August 2025
Introduction
In today's digital world, security is more important than ever. Whether you're protecting your data, your organization, or your personal devices, understanding the core security principles is key.
This blog breaks down essential security concepts in a simple, beginner-friendly way. Let's dive in!
CIA and DAD: The Foundation of Security
CIA: The Pillars of Security
Confidentiality: Keep data secret. Only authorized people should see it.
Integrity: Make sure data is not changed without permission.
Availability: Ensure data and services are available when needed.
DAD: Common Attacks on Security
Disclosure: Data is leaked or exposed.
Alteration: Data is changed by attackers.
Denial: Access is blocked or disrupted.
Important Security Terms Explained
Vulnerability: A weakness in a system (e.g., weak passwords, open ports).
Threat: A potential danger that can exploit a weakness (e.g., a hacker).
Risk: The chance a threat will exploit a vulnerability and the impact it could have.
Example:
A car showroom with big glass windows has a vulnerability (glass). A thief breaking it is the threat. The risk is the chance the glass will break and the loss it may cause.
Key Security Models
We explored three popular security models:
Bell-LaPadula: Focuses on data confidentiality.
Biba Model: Focuses on data integrity.
Clark-Wilson Model: Focuses on access control and well-formed transactions.
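As an added example that is not part of the original post, here is a small Python reference monitor encoding the access rules the first two models are usually stated with: Bell-LaPadula's "no read up, no write down" for confidentiality and Biba's "no read down, no write up" for integrity (Clark-Wilson is not modelled). The level names, the subject and the document are constructed for illustration.

```python
from dataclasses import dataclass

# Ordered sensitivity/integrity levels, lowest to highest (constructed for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # Bell-LaPadula: how sensitive a document may this subject see?
    integrity: str   # Biba: how trustworthy is this subject's input?

@dataclass(frozen=True)
class Document:
    name: str
    classification: str  # Bell-LaPadula label on the data
    integrity: str       # Biba label on the data

def blp_allows(subject: Subject, doc: Document, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    s, o = LEVELS[subject.clearance], LEVELS[doc.classification]
    if op == "read":
        return s >= o   # simple security property: never read above your clearance
    if op == "write":
        return s <= o   # *-property: never write to a lower level (would leak secrets)
    raise ValueError(f"unknown operation {op!r}")

def biba_allows(subject: Subject, doc: Document, op: str) -> bool:
    """Biba (integrity): no read down, no write up."""
    s, o = LEVELS[subject.integrity], LEVELS[doc.integrity]
    if op == "read":
        return s <= o   # never consume data less trustworthy than yourself
    if op == "write":
        return s >= o   # never modify data more trustworthy than yourself
    raise ValueError(f"unknown operation {op!r}")

def decide(subject: Subject, doc: Document, op: str) -> dict:
    """Reference-monitor style check: report each model's verdict for one request."""
    return {"bell_lapadula": blp_allows(subject, doc, op),
            "biba": biba_allows(subject, doc, op)}

if __name__ == "__main__":
    # Constructed sample: an internal-level analyst and a secret report written by a confidential-level process.
    analyst = Subject("analyst", clearance="internal", integrity="internal")
    report = Document("secret_report", classification="secret", integrity="confidential")
    for op in ("read", "write"):
        print(op, decide(analyst, report, op))
```

Note that the two models give opposite verdicts for the same request: confidentiality forbids the analyst from reading the secret report but permits writing to it, while integrity permits the read and forbids the write.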
ISO/IEC 19249: Secure Design Principles
Architectural Principles:
Domain Separation: Keep different system parts separate.
Layering: Use layers (like the OSI model) to apply security at each level.
Encapsulation: Hide details and only expose safe access methods.
Redundancy: Have backups and failover systems.
Virtualization: Use virtual machines to isolate and secure environments.
Design Principles:
Least Privilege: Give only the access needed, nothing more.
Attack Surface Minimization: Disable what's not needed to reduce risk.
Centralized Parameter Validation: Validate inputs in one safe place.
Centralized Security Services: Keep security functions like authentication in one controlled system.
Error and Exception Handling: Systems should fail safely and not leak sensitive info.
Defence in Depth
Defence in Depth means using multiple layers of security.
Example:
Lock your drawer -> lock your room -> lock the house -> security cameras.
Even if one layer fails, others are there to protect you.
Trust but Verify vs. Zero Trust
Trust but Verify:
Trust people/systems but still monitor them.
Use logging, proxies, and intrusion detection to track actions.
You assume things are fine, but double-check.
Zero Trust:
Never trust by default; always verify.
Every access request must be checked, no matter where it's coming from.
Uses microsegmentation to isolate parts of a system.
Shared Responsibility in the Cloud
As more companies move to the cloud, security is shared between:
Cloud Providers (e.g., AWS, Azure)
Cloud Customers/Users
Depending on what service you use:
| Cloud Model | Who Controls What |
| --- | --- |
| IaaS | You manage the OS, apps, and data |
| SaaS | Provider manages everything except your data and how you use it |
The Shared Responsibility Model ensures both parties understand and manage their part of security.
Conclusion
You've now got a clear understanding of:
CIA & DAD
Vulnerability, Threat, and Risk
Key security models
ISO/IEC 19249 principles
Defence in Depth, Trust but Verify, and Zero Trust
The Shared Responsibility Model in cloud security
You're ready to explore more! Next up: Intro to Cryptography
Thanks for reading! Stay secure, stay curious.
- Sylvester