Introduction. xxvi Part 1: General Security Concepts 1 CHAPTER 1: Security Controls. 3 Nature of Controls. 3 Functional Use of Controls. 4 What Next?. 9 CHAPTER 2: Fundamental Security Concepts. 11 Confidentiality, Integrity, and Availability (CIA). 12 Non-Repudiation.

13 Authentication, Authorization, and Accounting (AAA). 13 Gap Analysis. 14 Zero Trust. 15 Physical Security. 18 Video Surveillance. 20 Deception and Disruption Technology. 23 What Next?. 26 CHAPTER 3: Change Management Processes and the Impact to Security.

27 Change Management. 28 Business Processes Impacting Security Operations. 28 Technical Implications. 31 Documentation. 35 Version Control. 36 What Next?. 38 CHAPTER 4: Cryptographic Solutions. 39 Public Key Infrastructure (PKI).

40 Encryption. 43 Tools. 55 What Next?. 80 Part 2: Threats, Vulnerabilities, and Mitigations 81 CHAPTER 5: Threat Actors and Motivations. 83 Threat Actors. 84 Motivations. 90 What Next?. 96 CHAPTER 6: Threat Vectors and Attack Surfaces.

97 Types of Threat Vectors and Attack Surfaces. 98 What Next?. 114 CHAPTER 7: Vulnerability Types. 115 Application. 116 Operating System-Based. 118 Web-Based. 119 Hardware. 120 Virtualization.

121 Cloud-Specific. 122 Supply Chain. 123 Cryptographic. 125 Misconfiguration. 126 Mobile Device. 127 Zero-Day. 127 What Next?. 130 CHAPTER 8: Malicious Attacks and Indicators.

131 Malware Attacks. 132 Physical Attacks. 138 Network Attacks. 139 Application Attacks. 148 Cryptographic Attacks. 153 Password Attacks. 154 Indicators of Malicious Activity. 156 What Next?.

160 CHAPTER 9 Mitigation Techniques for Securing the Enterprise. 161 Segmentation. 162 Access Control. 162 Application Allow List. 164 Isolation. 165 Patching. 165 What Next?. 176 Part 3: Security Architecture 177 CHAPTER 10: Security Implications of Architecture Models.

179 Architecture and Infrastructure Concepts. 180 Considerations. 201 What Next?. 209 CHAPTER 11: Enterprise Architecture Security Principles. 211 &n.