10 Simple Guideline Principles to Improve the Sec. of Soft.

1. Secure the weakest link
2. Practice defense in depth
3. Fail securely
4. Follow principle of least privilege
5. Compartmentalize
6. Keep it simple
7. Promote privacy
8. Remember that hiding secrets is hard
9. Be reluctant to trust
10. Use community resources

Secure the weakest link - any system is only as secure as its weakest point.

Practice defense in depth - don't predict the unexpected, but plan for it.

- Layered defense gives early warnings and buys plenty of time
- Multi-modal biometric systems

Fail securely - attackers can cause a system to fail in a way that opens up security holes
- An authentication system should return a negative answer if the system crashes
- A firewall that fails safely should drop all subsequent packets
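A minimal sketch of both fail-secure behaviours above, added here as an example and not part of the original slides: a wrapper that turns any internal crash into a deny, with an optional latch that keeps denying afterwards (the firewall case). All names, the in-memory credential store and the packet rule are constructed for illustration.

```python
import hashlib
import hmac

class FailClosedGate:
    """Wrap a decision function so that any internal failure means deny."""

    def __init__(self, decide, latch=False):
        self._decide = decide
        self._latch = latch        # True: stay in deny-all after a failure
        self.tripped = False
        self.last_error = None     # for operators' logs, never returned to the caller

    def allow(self, *args):
        if self.tripped:
            return False           # firewall case: drop all subsequent packets
        try:
            return self._decide(*args) is True   # only an explicit True grants
        except Exception as exc:
            self.last_error = repr(exc)
            self.tripped = self._latch
            return False           # authentication case: a crash is a "no"

    def reset(self):
        """Operator action once the fault has been repaired."""
        self.tripped = False

SALT = b"constructed-salt"         # constructed sample data

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

USERS = {"alice": _hash("correct horse")}   # constructed credential store

class BrokenStore:
    """Simulates a crashed credential backend."""
    def get(self, user):
        raise ConnectionError("credential store unreachable")

def make_checker(store):
    def check(user, password):
        stored = store.get(user)
        return stored is not None and hmac.compare_digest(stored, _hash(password))
    return check

def allow_https(packet):
    # Constructed rule; a packet without "dport" raises KeyError (engine fault).
    return packet["dport"] == 443
```

The latch is off by default because a login service that locks everyone out after one backend error is easy to knock over; the firewall-style gate enables it and needs an explicit `reset()`.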

Follow principle of least privilege - give people access only to the information they need to know, and only for the right duration
- Limits the damage that can result from accident or error

Compartmentalize:

- Break up the system into a few units to minimize the damage resulting from a break-in to one unit

- Helps contain problems if they occur

Keep it simple

- Use choke points:
  - Network type: IDS
  - Application type: single sign-on
  - Social type: only a manager can authorize

- Focuses attention, enhances security, easy to monitor, easy to control, acts as centralized security with reduced cost