Cutting-edge cybersecurity solutions to defend against the most sophisticated attacks
This professional guide shows, step by step, how to design and deploy highly secure systems on time and within budget. The book offers comprehensive examples, objectives, and best practices and shows how to build and maintain powerful, cost-effective cybersecurity systems. Readers will learn to think strategically, identify the highest-priority risks, and apply advanced countermeasures that address the entire attack space. Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time showcases 35 years of practical engineering experience from an expert whose persuasive vision has advanced national cybersecurity policy and practices.
Readers of this book will be prepared to navigate the tumultuous and uncertain future of cyberspace and move the cybersecurity discipline forward by adopting timeless engineering principles, including:
- Defining the fundamental nature and full breadth of the cybersecurity problem
- Adopting an essential perspective that considers attacks, failures, and attacker mindsets
- Developing and implementing risk-mitigating, systems-based solutions
- Transforming sound cybersecurity principles into effective architecture and evaluation strategies that holistically address the entire complex attack space
Table of Contents
Part I What Do You Want?
Chapter 1 What’s the Problem?
Chapter 2 Cybersecurity Right-Think
Chapter 3 Value and Mission: Know Thyself
Chapter 4 Harm: Mission in Peril
Chapter 5 Approximating Reality
Part II What Could Go Wrong?
Chapter 6 Adversaries: Know Thy Enemy
Chapter 7 Forests of Attack Trees
Part III What Are the Building Blocks of Mitigating Risk?
Chapter 8 Countermeasures: Security Controls
Chapter 9 Trustworthy Hardware: Bedrock
Chapter 10 Cryptography: A Sharp and Fragile Tool
Chapter 11 Authentication
Chapter 12 Authorization
Chapter 13 Detection Foundation
Chapter 14 Detection Systems
Chapter 15 Detection Strategy
Chapter 16 Deterrence and Adversarial Risk
Part IV How Do You Orchestrate Cybersecurity?
Chapter 17 Cybersecurity Risk Assessment
Chapter 18 Risk Mitigation and Optimization
Chapter 19 Engineering Fundamentals
Chapter 20 Architecting Cybersecurity
Chapter 21 Assuring Cybersecurity: Getting It Right
Chapter 22 Cyber Situation Understanding: What’s Going On
Chapter 23 Command and Control: What to Do About Attacks
Part V Moving Cybersecurity Forward
Chapter 24 Strategic Policy and Investment
Chapter 25 Thoughts on the Future of Cybersecurity
Part VI Appendix and Glossary