Confidentiality, Integrity, Availability

Understand the issues, risks
Assess, plan, design/architect

Principle of Least Privilege

When designing a security policy, be it a firewall rule or filesystem
permissions, never give more than the permissions necessary to get the job
done. Granting only what is needed reduces the attack surface and weakens (though
does not eliminate) the potency of compromise. It's easier to loosen rules than to
tighten them later.
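An added example (not part of the original notes) applying the principle to filesystem permissions: it lists the bits a file grants beyond what the job needs, then strips only those, never adding any. The function names and the needed mode `0o640` are assumptions chosen for illustration.

```python
import os
import stat
import tempfile

# Permission bits paired with readable names, special bits first.
_BITS = [
    (stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"), (stat.S_ISVTX, "sticky"),
    (stat.S_IRUSR, "owner-read"), (stat.S_IWUSR, "owner-write"), (stat.S_IXUSR, "owner-exec"),
    (stat.S_IRGRP, "group-read"), (stat.S_IWGRP, "group-write"), (stat.S_IXGRP, "group-exec"),
    (stat.S_IROTH, "other-read"), (stat.S_IWOTH, "other-write"), (stat.S_IXOTH, "other-exec"),
]

def excess_permissions(actual_mode, needed_mode):
    """Names of bits granted in actual_mode that needed_mode does not require."""
    extra = stat.S_IMODE(actual_mode) & ~needed_mode
    return [name for bit, name in _BITS if extra & bit]

def audit(path, needed_mode):
    """Report permissions on path beyond what the job needs."""
    return excess_permissions(os.stat(path).st_mode, needed_mode)

def tighten(path, needed_mode):
    """Remove excess bits only; never grant a bit that is not already set."""
    current = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, current & needed_mode)
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    # Constructed sample: a world-writable file, while the job (hypothetically)
    # needs owner read/write and group read only.
    needed = 0o640
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o666)
        before = audit(path, needed)
        final = tighten(path, needed)
        after = audit(path, needed)
        return before, final, after
    finally:
        os.remove(path)

if __name__ == "__main__":
    before, final, after = demo()
    print("excess before:", before)
    print("mode after tightening:", oct(final))
    print("excess after:", after)
```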


A security architecture is appropriate when it meets the
confidentiality/integrity/availability needs of an organization. It balances
security, risk mitigation, usability, and costs.


Where an action cannot be denied, proof of data integrity.

Business continuity

One of the chief goals of security is to ensure business continuity.
Beyond simple security practices, this means having systems in place that can
tolerate failure so that business continues with little or no effect.


A hardened system has these characteristics: