Several methods are provided for applying minimization to computer systems. A unified security profile is created and applied to a computer system. This provides a listing of software packages required to be installed on the computer system. Extraneous files not associated with a required software package are identified. In one method, a software module interposes between calls to filesystem operations and the filesystem. This module allows or denies access to files based on a configuration information source (which is itself based on the unified security profile), the zone from which the access request originates, and the privileges of the user making the request. Reference to each file minimized is removed from the computer system's package manifest. Files thus minimized are neither visible nor accessible to unauthorized entities on the computer system. If the unified security profile of the system is required to change, minimization actions can therefore be reversed.