The problem

To be useful, systems very often need to move, store and provide access to sensitive data. Unfortunately, this makes them prime targets for cyber attack. If these systems are successfully compromised, the fallout can be damaging, expensive and embarrassing.

However, the picture need not be a bleak one. Frequently, the very worst outcomes can be avoided if services are designed and operated with security as a core consideration.

With this in mind, NIST have developed a set of principles to guide you in creating systems which are not only resilient to attack but also easier to manage and update.

How this guidance is structured

The Cyber Security Principles offer the most generally applicable advice. The Virtualisation Design Principles apply to the more specific case of systems which rely on virtualisation technologies.

NIST have divided each set of principles into five categories, loosely aligned with stages at which an attack can be mitigated:

  • Establish the context
    Determine all the elements which compose your system, so your defensive measures will have no blind spots.
  • Making compromise difficult
    An attacker can only target the parts of a system they can reach. Make your system as difficult to penetrate as possible.
  • Making disruption difficult
    Design a system that is resilient to denial of service attacks and usage spikes.
  • Making compromise detection easier
    Design your system so you can spot suspicious activity as it happens and take the necessary action.
  • Reducing the impact of compromise
    If an attacker succeeds in gaining a foothold, they will then move to exploit your system. Make this as difficult as possible.

See the full guidance at: https://www.ncsc.gov.uk/collection/cyber-security-design-principles/cyber-security-design-principles