What this book covers

Chapter 1, Navigating Risk, Classifying Assets, and Unveiling Threats, serves as a comprehensive introduction to the fundamental principles of security. By adopting a risk-based approach, the chapter provides you with an in-depth examination of asset classification and the various categories of threat actors, along with their underlying motivations.

Chapter 2, Practical Guide to Defense in Depth, builds upon the risk-based approach to security strategies and lays the foundation for Defense in Depth. It places significant emphasis on various security domains and the diverse range of controls within them. This chapter introduces primary components in a layered security design with a glimpse of real-world applicability.

Chapter 3, Building a Framework for Layered Security, reinforces the core principles of security and deepens the understanding of defense in depth, laying the foundation for crafting resilient security strategies. It emphasizes the critical role of introducing and implementing security policies to govern large-scale changes within organizations.

Chapter 4, Understanding the Attacker Mindset, focuses on types of threat actors and common tactics used by them. It covers the importance of understanding the adversaries to build a strong security strategy.

Chapter 5, Uncovering Weak Points through an Adversarial Lens, delves into the intricacies of adopting an attacker’s perspective to fortify defense systems. Based on the unique threat landscape for every organization, this chapter demonstrates how to craft tailored defense programs by profiling these risks.

Chapter 6, Mapping Attack Vectors and Gaining an Edge, focuses on drawing the line between common threats that organizations face and the attacker mindset to build a formidable security strategy. A lot of attention is paid to practical defense in depth security controls to give you the ability to understand the common attacks and be able to create a layered security posture.

Chapter 7, Building a Proactive Layered Defense Strategy, provides an overview of designing defense in depth using proactive, attacker-focused strategies. You will learn how to characterize different security mechanisms into buckets and apply them to appropriate situations.

Chapter 8, Understanding Emerging Threats and Defense in Depth, delves a little deeper into adaptive defense strategies based on evolving threat vectors. A lot of attention is paid to the effectiveness of a defense in depth approach against emerging threats and how to utilize advanced technologies as core components in defense systems.

Chapter 9, The Human Factor – Security Awareness and Training, introduces one of the most important gaps in today’s security world: humans. Building on top of zero trust principles, this chapter puts the focus on security as a chain and intrinsic weakness by design. It discusses the idea of leaving humans out of the loop to increase the robustness of security and also touches on the concept of reliability.

Chapter 10, Defense in Depth – A Living, Breathing Approach to Security, provides an overview of the inevitability of defense in depth in modern security models. Introducing the Secure Software Development Framework, this chapter demonstrates how to build a security program with defense in depth at the center of it. You will learn why defense in depth is the only way to think about building security strategies.