The security principle that addresses the issue of "Security by Obscurity" is
A. Open design.
Security through obscurity, or security by obscurity, relies on secrecy as the main method of providing security to a system or component. This approach is discouraged and not recommended by standards bodies, such as the National Institute of Standards and Technology (NIST) in the United States, which recommends against this practice. Instead, the principle of open design emphasizes the importance of designing systems with transparency and openness, rather than relying on secrecy as the primary means of security.
Fuzzy security is the practice of relying on the confidentiality or complexity of a system or algorithm to provide security, rather than on the strength of the system itself. Open design is a security principle that advocates the use of open and transparent designs and protocols that can be scrutinized and tested by the security community to identify and address potential vulnerabilities. This approach is considered more secure than relying on secrecy or concealment to protect the system.
Selected Answer: C
The open design security principle states that the implementation details of the design should be independent of the design itself, which can remain open, unlike in the case of security by obscurity wherein the security of the software is dependent upon the obscuring of the design itself.
https://github.com/OWASP/DevGuide/blob/master/02-Design/01-Principles%20of%20Security%20Engineering.md
"Security through Transparency," on the other hand, is the principle of designing security systems that are open and transparent. This approach assumes that if the attacker knows how a system is secured, they will not be able to exploit any vulnerabilities because the system is designed with strong security mechanisms.
The security principle that addresses the issue of "Security by Obscurity" is Open Design. Option A is the correct answer.
"Security by Obscurity" is a security practice in which security mechanisms are based on the secrecy or complexity of the design rather than on a known and tested security model. This approach is often ineffective because it relies on the assumption that attackers will not be able to discover the security measures or exploit vulnerabilities in the system.
The security principle of Open Design addresses this issue by advocating for systems to be designed with security mechanisms that are transparent, well-defined, and publicly known. This approach ensures that security mechanisms are based on sound security principles, can be tested and evaluated, and can be improved over time. By making security mechanisms transparent and publicly known, the risks associated with "Security by Obscurity" can be reduced.
Role-Based Access Control (RBAC), Segregation of duties (SoD), and Least privilege are other important security principles, but they do not directly address the issue of "Security by Obscurity."
Answer is A. Security Through Obscurity is the opposite of the Open Design Principle, which states that the security of a mechanism should not depend on the secrecy of its design or implementation.
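An added illustration of the open design principle discussed in this thread (not part of any comment or of the original page): a token scheme whose only secret is its algorithm, next to one that uses the public HMAC-SHA256 construction with a secret key. The function names, the XOR constant and the usernames are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Obscurity-based design (constructed): there is no key at all.
# The only "secret" is the transformation itself.
def obscure_token(username: str) -> str:
    scrambled = bytes(b ^ 0x5A for b in username[::-1].encode())
    return scrambled.hex()

def obscure_verify(username: str, token: str) -> bool:
    return hmac.compare_digest(obscure_token(username), token)

# Open design: the algorithm is public (HMAC-SHA256); only the key is secret.
def open_token(username: str, key: bytes) -> str:
    return hmac.new(key, username.encode(), hashlib.sha256).hexdigest()

def open_verify(username: str, token: str, key: bytes) -> bool:
    return hmac.compare_digest(open_token(username, key), token)

def design_disclosed() -> dict:
    """What each scheme still guarantees once its design is fully public."""
    server_key = secrets.token_bytes(32)
    # A reader of both designs holds no server key and can only guess one.
    guessed_key = secrets.token_bytes(32)
    genuine = open_token("admin", server_key)
    return {
        # Knowing the algorithm is enough to produce a valid token.
        "obscure_accepts_unauthorized": obscure_verify("admin", obscure_token("admin")),
        # Knowing the algorithm without the key is not enough.
        "open_accepts_unauthorized": open_verify(
            "admin", open_token("admin", guessed_key), server_key),
        "open_accepts_genuine": open_verify("admin", genuine, server_key),
    }

def old_token_valid_after_rotation() -> bool:
    """A leaked key is fixed by rotating it; a leaked design needs a redesign."""
    old_key, new_key = secrets.token_bytes(32), secrets.token_bytes(32)
    return open_verify("alice", open_token("alice", old_key), new_key)

if __name__ == "__main__":
    print(design_disclosed())
    print("old token valid after rotation:", old_token_valid_after_rotation())
```
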