Certified Information Systems Security Professional (CISSP) — Question 124

An architect has observed the complexity of a new design has introduced increased risk. After review, the test team lead cannot determine how to test for some of the security controls the organization requires to be in place. Which of the following secure design principles has MOST likely been violated?

Answer options

• A. Complete remediation
• B. Economy of mechanism
• C. Psychological acceptability
• D. Least privilege

Correct answer: B

Explanation

The principle of Economy of mechanism emphasizes simplicity in design to minimize complexity, which aids in understanding and testing security controls. If the design is overly complex, it becomes difficult to implement and verify security measures, thus violating this principle. The other options address different aspects of security and do not directly relate to the complexity affecting testing capabilities.