
CSSLP Question #370: Real Exam Question with Answer & Explanation

The correct answer is C: Psychological acceptability of controls.

Secure Software Architecture and Design

Question

A regional fintech company needs security controls that staff will actually use. Which security design principle emphasizes making protections easy to use and acceptable to people?

Options

  • A. Defense in depth
  • B. Economy of mechanism principle
  • C. Psychological acceptability of controls
  • D. Complete mediation principle

Explanation

For security controls to be effective, they must be practical and user-friendly; otherwise, users may bypass them, negating their protective value. This principle focuses on designing security that aligns with human behavior and ease of use.

Common mistakes.

  • A. Defense in depth is a strategy of employing multiple layers of security controls to protect resources, not specifically about the usability of individual controls.
  • B. The economy of mechanism principle advocates for keeping security mechanisms as simple and small as possible, which aids in their analysis and verification, but doesn't directly address user acceptance.
  • D. The complete mediation principle states that all access attempts to resources must be checked by the security mechanism, ensuring no bypasses, but it doesn't focus on the human factor of usability.

Concept tested. Security design principles - Usability

Topics

Security design principles · Psychological acceptability · Usability · Security controls
