Chapter One · The Security Mindset

Why Security Exists

Before any password, any virus, or any of the words you came here to learn, there is a way of thinking. Security is not a product or a piece of software — it is a goal, and a particular lens on the digital world: that wherever there is something worth taking, someone might try to take it. This chapter builds that lens and the handful of words that make everything after it readable.

It is tempting to think security starts with tools — antivirus, a strong password, a firewall. It doesn't. It starts with a goal: keeping information and the systems that hold it away from people who shouldn't reach them. Every tool you will ever meet is just a way of serving that goal, and none of them mean much until you can see the goal clearly.

Five short topics build the lens. First, what security actually means, stripped of the scary stories. Then the three things every defense is really protecting — kept secret, kept correct, kept available. Then the three words people constantly confuse: threat, vulnerability, and risk. Then who actually attacks, and why — which is rarely the lone genius of the movies. And finally the most freeing idea in the whole field: that no system is ever perfectly secure, so security is about managing risk, not chasing perfection.

Everything in security serves three goals — and lives between attack and defense
Confidentiality: only the right people can read it · broken by a leak
Integrity: the information stays correct and unaltered · broken by tampering
Availability: the system is there when you need it · broken by an outage

Topics in This Chapter