ABSTRACT
A system deployed without security in mind will undoubtedly end up having security bolted on, which is like realizing the readers left a suitcase full of money in a room full of thieves. The information security market is flooded with tools which enable detection of and response to different threats. Many of these tools are necessary to provide visibility into activity within an organization, but they should not be considered solutions. The principles behind system security have been used for hundreds of years in designing building defense, organizational processes and procedures, and in military intelligence. In cybersecurity, we adapt these concepts to the design of interconnected computers. Despite its technology focus, cybersecurity follows the same set of vulnerabilities as any other system. The chapter also presents an overview of the key concepts discussed in this book.
