Generally Accepted System Security Principles

P-12 Adversary Principle

P-12 Adversary Principle

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


Controls, security strategies, architectures, policies, standards, procedures, and guidelines should be developed and implemented in anticipation of attack from intelligent, rational, and irrational adversaries with harmful intent or harm from negligent or accidental actions.


Natural hazards may strike all susceptible assets. Adversaries will threaten systems according to their own objectives. Information security professionals, by anticipating the objectives of potential adversaries and defending against those objectives, will be more successful in preserving the integrity of information. It is also the basis for the practice of assuming that any system or interface that is not controlled is assumed to have been compromised.