DevSecOps


NSA Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software

    Posted Oct 17, 2023 02:38:00 AM

    Hi All,

    "Secure by default" means products are resilient against prevalent exploitation techniques out of the box without added charge. These products protect against the most prevalent threats and vulnerabilities without end-users having to take additional steps to secure them. Secure by default products are designed to make customers acutely aware that when they deviate from safe defaults, they are increasing the likelihood of compromise unless they implement additional compensatory controls.
    Secure by default is a form of secure by design.
                 » A secure configuration should be the default baseline. Secure by default products automatically enable the most important security controls needed to protect enterprises from malicious cyber actors, as well as supply the ability to use and further configure security controls at no additional cost.
                 » The complexity of security configuration should not be a customer problem. Organizational IT staff are frequently overloaded with security and operational responsibilities, thus resulting in limited time to understand and implement the security implications and mitigations required for a robust cybersecurity posture.

    Manufacturers can aid their customers by optimizing secure product configuration (securing the "default path"), ensuring their products are manufactured, distributed, and used securely in accordance with "secure by default" standards. Manufacturers of products that are "secure by default" do not charge extra for implementing added security configurations. Instead, they include them in the base product, like seatbelts are included in all new cars.
    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
    ------------------------------