In this article, an extract of his book on 223 security principles [1], Saydjari discusses the ten "most fundamental" principles. Both the book and article are addressed to software engineers who want to build secure systems. Cybersecurity technology is advancing too slowly to keep pace with threats, and system designers need principles in order to do a better job. My own experience analyzing recent attacks (Equifax, Uber, Sony, Capital One, and so on) shows that these attacks succeeded not because they were impossible to stop, but because management made the deliberate decision to not spend money and effort on protecting customer data. In fact, the attacks were very simple, but the systems were quite naked.