General Security Concepts

The foundation. Lightest domain by weight but everything else builds on it — miss this and the other four domains won’t make sense.

Four objectives covering security control classification (technical/managerial/operational/physical crossed with preventive/detective/corrective/deterrent/compensating/directive), the CIAConfidentiality, Integrity, Availability — The three core security properties triad and AAAAuthentication, Authorization, Accounting — Framework for access control and auditing framework, zero-trust architecture, change management processes, and cryptographic primitives from symmetric encryption through PKIPublic Key Infrastructure — Trust framework for digital certificates certificate chains.

Underpins everything: High-Friction Defense (making attacks cost-prohibitive), cryptographic primitives (TLSTransport Layer Security — Port 443 (HTTPS). Encryption protocol for data in transit 1.3, ephemeral certificates, key management), zero-trust identity foundations, and the assume-breach model that informs every other domain.