Further Reading: Security Principles

Curated, annotated resources to deepen this chapter. Each entry notes which learning path it serves most (🛡️ SOC, 🏗️ Engineer, 📋 GRC, 📜 Cert) and its citation tier. Start with the suggested order below; you do not need to read everything before Chapter 4.

Suggested order

  1. Read Saltzer & Schroeder's design-principles section — least privilege, fail-safe defaults, and separation of privilege are stated there with a clarity no textbook improves on, including this one.
  2. Skim the NIST Cybersecurity Framework 2.0 Functions to see how Protect / Detect / Respond / Recover map onto the preventive / detective / corrective control functions of §3.3.
  3. Read the executive summary of NIST SP 800-207 to ground the zero-trust principle before its architecture in Chapter 32 — and to inoculate yourself against vendor "zero trust in a box" claims.
  4. Keep a Security+ or CISSP reference nearby for the control-type and CIA/AAA vocabulary, which recurs on every exam and in every framework.

Standards & primary documents (Tier 1)

  • Saltzer, J. H., & Schroeder, M. D., "The Protection of Information in Computer Systems" (1975), Proceedings of the IEEE. 🏗️📜 The origin of the design principles this chapter rests on: least privilege, fail-safe defaults, economy of mechanism, separation of privilege, and more. Fifty years old and still the clearest statement of why secure systems are built the way they are. Read the principles section even if you skip the rest.
  • NIST, Cybersecurity Framework (CSF) 2.0 (2024). 📋📜 Its six Functions — Govern, Identify, Protect, Detect, Respond, Recover — are essentially the control functions of §3.3 organized as a program. Map Protect→preventive, Detect→detective, Respond/Recover→corrective to see the connection. The mapping is deliberately loose: Govern and Identify sit above the control level (they decide what is protected and who is accountable rather than protecting anything themselves), and Recover covers what some taxonomies split out as recovery controls instead of folding into corrective.
  • NIST SP 800-207, Zero Trust Architecture (2020). 🏗️📜 The authoritative definition of zero trust and its tenets. Read the principle here; Chapter 32 builds the architecture on it. The single best antidote to marketing-driven misunderstanding of "zero trust."
  • NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations (Rev. 5). 🏗️📋 The encyclopedic control catalog that the function × nature matrix organizes. You do not read it cover to cover; you learn its structure now and consult it when building Meridian's framework.
  • CIS Critical Security Controls, v8. 🏗️📋 A prioritized, practical control set — a more approachable on-ramp than SP 800-53 for "what controls should we actually have, in what order?" Maps cleanly onto the preventive/detective/corrective idea.
  • ISO/IEC 27002, Information security controls. 📋 The international counterpart catalog; useful for seeing the same control concepts organized by a different (themes-based) taxonomy, which reinforces that the principles are universal even when the catalogs differ.

Books (Tier 1)

  • Anderson, R., Security Engineering (3rd ed.). 🏗️ The deepest treatment of how the principles in this chapter play out in real systems — and how they fail. The chapters on access control and on protocols make least privilege and separation of duties vivid with real-world failures.
  • Chapple, M., & Seidl, D., CompTIA Security+ Study Guide. 📜 Thorough, exam-aligned coverage of CIA, AAA, control types, and the secure-design principles, at the exact depth the Security+ exam tests.
  • Harris, S., & Maymí, F., CISSP All-in-One Exam Guide. 📜📋 Broader and deeper; its security-architecture and identity chapters treat control types, least privilege, separation of duties, and defense in depth at the management depth CISSP demands.
  • Kim, D., & Solomon, M., Fundamentals of Information Systems Security. 📜📋 A clear, classroom-paced tour of the CIA triad, AAA, and control categories — a gentler companion if any concept here felt rushed.

Free online & talks (Tier 1 / Tier 2)

  • NIST CSF 2.0 reference tool and quick-start guides (nist.gov). 📋📜 Interactive views of the Functions and their mappings to other frameworks — a fast way to internalize the protect/detect/respond/recover structure.
  • CISA, Zero Trust Maturity Model. 🏗️📋 A government-published, vendor-neutral view of zero trust as a journey across pillars (identity, devices, networks, applications, data) — concrete proof that ZT is a posture built incrementally, not a product. (Tier 1 where you can cite the published model; treat specific maturity-level details as guidance that evolves.)
  • OWASP, Security by Design Principles. 🏗️ A developer-facing restatement of least privilege, fail-safe defaults, defense in depth, and related principles — the application-security expression of this chapter, previewing Chapters 12–13. (Tier 2: community-maintained; principles are sound, exact wording varies.)

Tools to explore (in your own lab only)

  • A control-classification worksheet. 🏗️📋 Take ten security controls in your own environment (locks, logins, backups, antivirus, training) and classify each on the function × nature matrix; plot them and find your emptiest cell. The best first lab here needs no software — just the §3.3 grid and honesty.
  • A separation-of-duties review of one workflow. 📋🏗️ Pick a high-risk process you can observe (approving a refund, granting access, publishing to production) and map who performs each step. If one person can do all of it, you have found a real finding — exactly the Case Study 2 exercise.
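  The second lab, worked through in code, as an added example that is not part of the chapter or any cited source: a Python script over a constructed refund workflow (the steps, roles, users and the "must not be held together" pairs are all invented for illustration). It reports any single identity that can run the process end to end, any identity holding a declared toxic pair, and whether a conflict comes from how a role is designed or from one user accumulating roles. The distinction matters for remediation: a role that grants both sides of a toxic pair is fixed by splitting the role, while a user who merely holds two otherwise-clean roles is fixed by removing an assignment.

```python
"""Separation-of-duties review of one workflow (illustrative, constructed data).

Given the steps of a high-risk process, the roles allowed to perform each
step, and who holds which roles, report:
  1. any identity that can perform every step alone (no second person is
     ever required), and
  2. any identity holding two steps the workflow declares mutually exclusive,
plus whether any single *role* grants a mutually exclusive pair by design.
"""

# Constructed example: a refund workflow. Step order is for reading only;
# the check is about who *can* perform each step, not the order they run in.
WORKFLOW = {
    "name": "issue refund",
    "steps": ["request", "approve", "execute_payment", "reconcile"],
    # Pairs of steps that the same person must never be able to hold together.
    "exclusive": [("request", "approve"), ("execute_payment", "reconcile")],
}

# Which roles may perform each step (constructed).
STEP_ROLES = {
    "request": {"support_agent", "finance_admin"},
    "approve": {"support_lead", "finance_admin"},
    "execute_payment": {"payments_operator", "finance_admin"},
    "reconcile": {"accountant", "finance_admin"},
}

# Who holds which roles (constructed).
USER_ROLES = {
    "alice": {"support_agent"},
    "bob": {"support_lead", "payments_operator"},
    "carol": {"accountant"},
    "dave": {"finance_admin"},
    "erin": {"support_agent", "support_lead"},
}


def steps_for(user, user_roles=USER_ROLES, step_roles=STEP_ROLES):
    """Return the set of workflow steps `user` can perform through any held role."""
    roles = user_roles.get(user, set())
    return {step for step, allowed in step_roles.items() if roles & allowed}


def sod_findings(workflow=WORKFLOW, user_roles=USER_ROLES, step_roles=STEP_ROLES):
    """Return (user, kind, detail) findings, ordered by user then by check.

    kind is "end_to_end" when one person can perform every step, or
    "toxic_pair" when one person can perform both halves of an exclusive pair.
    """
    findings = []
    all_steps = set(workflow["steps"])
    for user in sorted(user_roles):
        can = steps_for(user, user_roles, step_roles)
        if can >= all_steps:
            findings.append((user, "end_to_end", tuple(workflow["steps"])))
        for a, b in workflow["exclusive"]:
            if a in can and b in can:
                findings.append((user, "toxic_pair", (a, b)))
    return findings


def role_level_conflicts(workflow=WORKFLOW, step_roles=STEP_ROLES):
    """Return (role, (a, b)) for every role that by itself grants an exclusive pair.

    These are design defects in the role model: removing users from the role
    does not fix them, the role has to be split.
    """
    conflicts = []
    for a, b in workflow["exclusive"]:
        for role in sorted(step_roles[a] & step_roles[b]):
            conflicts.append((role, (a, b)))
    return conflicts


if __name__ == "__main__":
    print(f"Workflow: {WORKFLOW['name']}")
    for user, kind, detail in sod_findings():
        print(f"  {kind:11} {user:6} {detail}")
    for role, pair in role_level_conflicts():
        print(f"  role-design {role:14} grants both of {pair}")
```

Running it against the constructed data flags `dave` (a finance_admin who can do the whole refund alone, and holds both toxic pairs) and `erin` (two individually reasonable support roles that together let her request and approve her own refund), and attributes the first problem to the finance_admin role's design rather than to dave. Feeding the same shape of data from a real access review, with permission, is the exercise Case Study 2 describes.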

⚖️ Authorization & Ethics reminder: These principles are framed for designing and assessing systems you own or are authorized to defend. When you map a real organization's controls or workflows, do so with permission — an access review or control inventory touches sensitive information about how the organization protects itself (Chapter 39 covers the ethics in full).