Which security principle discourages reliance on obscurity to protect systems?

Boost your knowledge for the WGU ITAS6231 D487 Secure Software Design Test. Utilize flashcards and multiple-choice questions, complete with explanations and hints, to prepare effectively for success.

The principle of avoiding security through obscurity emphasizes that relying solely on secrecy to protect a system can lead to vulnerabilities. It holds that systems should not depend on the hidden aspects of their architecture, design, or implementation for security. Instead, robust security mechanisms should be in place that are transparent and can withstand scrutiny and attacks, regardless of whether potential attackers know how the system works.

This principle holds that true security comes from strong security practices, controls, and architectures rather than from assuming that keeping certain parts of a system secret will protect it. By discouraging reliance on obscurity, it encourages organizations to build their security posture around well-known and thoroughly vetted security practices, such as encryption, access controls, and regular security assessments.

The other options reflect different security principles that address various aspects of secure system design, but they do not specifically discourage relying on obscurity as a primary defense mechanism. For example, defense in depth involves implementing multiple layers of security so that if one layer fails, other layers can still provide protection, while least privilege focuses on giving users the minimum levels of access necessary to perform their roles. By contrast, avoiding security through obscurity directly targets the ineffective reliance on secrecy, making it the correct choice.
