Simplicity and necessity: designs should be as simple and small as possible. Minimize functionality, favour minimal installs, and disable unused functionality. Aka: minimize the attack surface. Safe defaults: deny-by-default. Design systems to fail closed (denying access) and favour allowlists over denylists.

When we study computer and internet security (aka cybersecurity, in most circles), we are primarily interested in how people interact with software, computer systems, and networks, and in how they can be misused by various agents. We are typically not concerned with unintentional mistakes or other types of damages (such as a network failure cause by an outage or a natural disaster).

computer and Internet security: the combined art, science, and engineering practice of protecting software, computers, networks, the data stored on them, the information transmitted on/between them, and the physical devices/machines they control from intentional misuse by an unauthorized party.