nerdexam
(ISC)2

CISSP · Question #1428

What security principle addresses the issue of "Security by Obscurity"?

The correct answer is A. Open design. The 'Open Design' principle holds that security should not rely on keeping the design secret, directly countering 'Security by Obscurity.' A system should remain secure even if its mechanisms are publicly known.

Submitted by noor.lb· Mar 5, 2026Security Architecture and Engineering

Question

What security principle addresses the issue of "Security by Obscurity"?

Options

  • AOpen design
  • BSegregation of duties (SoD)
  • CRole Based Access Control (RBAC)
  • DLeast privilege

How the community answered

(23 responses)
  • A
    87% (20)
  • C
    4% (1)
  • D
    9% (2)

Why each option

The 'Open Design' principle holds that security should not rely on keeping the design secret, directly countering 'Security by Obscurity.' A system should remain secure even if its mechanisms are publicly known.

AOpen designCorrect

Open Design is one of Saltzer and Schroeder's foundational security design principles, which explicitly states that the security of a system should not depend on the secrecy of its implementation or design. This directly addresses 'Security by Obscurity' by asserting that algorithms, mechanisms, and designs should withstand public scrutiny - only keys or credentials should be secret, not the overall design.

BSegregation of duties (SoD)

Segregation of Duties (SoD) is a control that divides critical tasks among multiple individuals to prevent fraud and error, and does not address reliance on secrecy of design as a security mechanism.

CRole Based Access Control (RBAC)

Role Based Access Control (RBAC) restricts system access based on a user's assigned role, which is an access management principle and has no direct relationship to countering security through obscurity.

DLeast privilege

Least Privilege limits users and processes to only the permissions necessary for their tasks, reducing attack surface, but does not specifically counter the concept of relying on hidden designs for security.

Concept tested: Open design principle vs. security by obscurity

Source: https://en.wikipedia.org/wiki/Saltzer_and_Schroeder%27s_design_principles

Topics

#security by obscurity#open design#security principles

Community Discussion

No community discussion yet for this question.

Full CISSP Practice