ISC2 CISSP Practice Question

The correct answer is Security mechanisms should be transparent enough that they don't unnecessarily impede legitimate users. The principle of balancing security with usability recognizes that security controls that are overly burdensome to legitimate users will likely be circumvented, potentially creating new vulnerabilities. Effective security should maintain protection while being as transparent as possible to authorized users. This aligns with the concept of economy of mechanism in security design, which emphasizes simplicity and usability.

Security mechanisms should be visibly present to discourage attackers is incorrect because while security visibility may have deterrent value in some contexts, it often conflicts with usability goals. Highly visible security mechanisms can create friction for legitimate users and don't necessarily improve actual security protection.

Security mechanisms should be designed primarily to make users feel protected is incorrect because the perception of security is less important than actual security effectiveness. Security mechanisms should provide real protection rather than just creating a feeling of safety, which could give users a false sense of security.

Security mechanisms should be complex enough to demonstrate thorough protection is incorrect because complexity typically contradicts good security design principles like economy of mechanism. Complex security mechanisms are generally less user-friendly, more difficult to implement correctly, and more likely to contain vulnerabilities. Effective security should be as simple as possible while achieving protection goals.