General Security Concepts

The foundation. Lightest domain by weight but everything else builds on it — miss this and the other four domains won’t make sense.

Four objectives covering security control classification (technical/managerial/operational/physical crossed with preventive/detective/corrective/deterrent/compensating/directive), the CIA triad and AAA framework, zero-trust architecture, change management processes, and cryptographic primitives from symmetric encryption through PKI certificate chains.

Underpins everything: High-Friction Defense (making attacks cost-prohibitive), cryptographic primitives (TLS 1.3, ephemeral certificates, key management), zero-trust identity foundations, and the assume-breach model that informs every other domain.