Modern systems are an intertwined mesh of human process, physical security, and technology. Many times, an attacker will leverage a weakness in one form of security to gain control over an otherwise protected operation.
Designing Secure Systems takes a theory-based approach to concepts underlying all forms of systems, from padlocks to phishing to enterprise software architecture. In this book, we will discuss similarities in how a weakness in one part of a process enables vulnerability to bleed into another by applying standards and frameworks used in the cybersecurity world to assess the system as a complete process including people, processes, and technology.
In Designing Secure Systems, we begin by describing the core concepts of access, authorization, authentication, and exploitation. We then break authorization down into five interrelated components and describe how these aspects apply to physical, human process, and cybersecurity.
In the second portion of the book, we discuss how to operate a secure system based on the NIST Cybersecurity Framework (CSF) concepts of identify, protect, detect, respond, and recover.
Other topics covered in this book include The NIST National Vulnerability Database (NVD), MITRE Common Vulnerability Scoring System (CVSS), Microsoft’s Security Development Lifecycle (SDL), and the MITRE ATT&CK Framework.Homepage