Chapter 1. Introduction

1. A, B, D, and E. We talk about four foundational security techniques used within the book: data-centric security, secure by design with threat modeling, zero trust architecture, and compliance management. Data-centric security involves tracing data throughout its journey in transit, at rest, and in processing. Secure by design with threat modeling takes a risk-based perspective on developing a solution architecture. Zero trust architecture assumes implicit trust is removed from an internal network and a breach has already occurred, so data is fully protected through all stages of its journey. Compliance management is included, as compliance with legal and regulatory requirements is required for all organizations.

2. A and C. Two characteristics of secure by design include: i) threat modeling to identify the risk to data; and ii) being primarily targeted at the design of technology products.

3. A and C. Zero trust architecture follows a number of principles, including “Never trust, always verify.” The zero trust model assumes that all business transactions and data flows, whether originating from inside or outside the network, are potentially malicious. Every interaction in a business transaction or data flow must be continuously validated to ensure that only authorized users and devices can access sensitive business data. In effect, it moves the perimeter from ...