Security as a chain
In Chapter 1, we introduced the analogy of security as a chain. This analogy applied well to traditional security, where defensive controls operated almost independently, so breaking any one of them caused the entire system to fail. With the defense-in-depth (DiD) principle guiding modern security models, a single control bypass might not have as grave an impact as it once did, but the core idea of security as a chain still holds. In this section, we will explore this idea with an example.
To understand this analogy, let’s revisit what we are trying to achieve with security. While the security bottom line is generally described by the CIA triad (discussed in Chapter 1), our mission in security is to prevent unauthorized parties from accessing or modifying our systems and information in unintended ways. With modern layered security design, one exploit might not grant an attacker access to the entire system, but within our systems, there are ways to establish...