The problem
To be useful, systems very often need to move, store and provide access to sensitive data. Unfortunately, this makes them prime targets for cyber attack. If these systems are successfully compromised, the fallout can be damaging, expensive and embarrassing.
However, the picture need not be a bleak one. Frequently, the very worst outcomes can be avoided if services are designed and operated with security as a core consideration.
With this in mind, NIST have developed a set of principles to guide you in the creation of systems which are resilient to attack, but also easier to manage and update.
How this guidance is structured
The Cyber Security Principles offer the most generally applicable advice. The Virtualisation Design Principles apply to the more specific case of systems which rely on virtualisation technologies.
NIST have divided each set of principles into five categories, loosely aligned with stages at which an attack can be mitigated:
- Establish the context
Determine all the elements which compose your system, so your defensive measures will have no blind spots.
- Making compromise difficult
An attacker can only target the parts of a system they can reach. Make your system as difficult to penetrate as possible.
- Making disruption difficult
Design a system that is resilient to denial of service attacks and usage spikes.
- Making compromise detection easier
Design your system so you can spot suspicious activity as it happens and take necessary action.
- Reducing the impact of compromise
If an attacker succeeds in gaining a foothold, they will then move to exploit your system. Make this as difficult as possible.
Please see more at: https://www.ncsc.gov.uk/collection/cyber-security-design-principles/cyber-security-design-principles