References: Security of Information Assets

  1. Information security - Wikipedia - Comprehensive overview of the CIA triad, security controls, and risk management. Anchors the chapter's security framing.

  2. Identity and access management - Wikipedia - Detailed coverage of IAM, authentication, authorization, RBAC, and ABAC. Foundation for the chapter's IAM section.

  3. STRIDE model - Wikipedia - Clear explanation of Microsoft's threat-modeling framework. Directly supports the chapter's STRIDE threat-model MicroSim.

  4. Security Engineering (3rd Edition) - Ross Anderson - Wiley - The definitive academic reference on security engineering across systems, organizations, and people; chapters on access control and protocols are essential supplements to this chapter.

  5. The Web Application Hacker's Handbook (2nd Edition) - Dafydd Stuttard and Marcus Pinto - Wiley - Practitioner-focused reference on web application security, the threat surface most IS professionals will actually encounter.

  6. NIST Cybersecurity Framework 2.0 - NIST - Authoritative source for the CSF that this chapter references, including the Govern-Identify-Protect-Detect-Respond-Recover functions.

  7. OWASP Top 10 - OWASP - The canonical list of the most critical web application security risks, updated regularly. Required reading for the chapter's threat-landscape content.

  8. SANS Reading Room - SANS Institute - Library of authoritative security white papers covering topics from incident response to specific attack patterns. Excellent depth supplement.

  9. CIS Critical Security Controls - Center for Internet Security - The CIS Controls v8, a prioritized set of practical security controls. Pairs with the chapter's security-program design content.

  10. TLS Handshake Explained - Cloudflare Learning - Clear visualization of the TLS handshake and chain of trust. Directly supports the chapter's TLS handshake MicroSim.