What if a single theory was beneath all system security?
True security isn’t simply a patch or configuration, but rather a culmination of human, process, and technology components working in concert. In Designing Secure Systems, we’ll take a step back and discuss the theory that underlies the implementation – and discuss patterns that identify weaknesses in their design.
Designing Secure Systems proposes a set of theories about how to model the security of a modern system, including offering ideas and recommendations on how to establish a resilient defensive posture. We’ll use simple physical examples to represent complex concepts and discuss a unified theory of authentication, authorization, and exploitation that transcends the physical world, human processes, and technology.
Some of the topics covered in this book:
- How to distill any complex system into the basic concepts of access and authorization to simplify analysis
- How to use authorization theory to identify patterns that a adversary can use to leverage one weakness to gain control over additional resources
- Strategies to help determine the cost effectiveness of a security monitoring strategy
- How to use the ABCs of cybersecurity and the three timeframes of a security event to ensure completeness of investigation and develop an eviction strategy
Michael Melone 