Cyber-Physical Risk Architecture
A Science-Based Framework for Enterprise Security
Security failures today are rarely purely "cyber" or purely "physical." They occur at the seams, where people, facilities, technology, and governance intersect. Yet most organizations still manage these risks in silos, relying on disconnected controls, subjective assessments, and after-the-fact justifications.
Cyber-Physical Risk Architecture introduces a unified, science-based approach to enterprise security: one that treats security as a defensible risk discipline rather than a collection of tools or tactics.
This book defines a complete operating model for cyber-physical security, grounded in risk science, engineering principles, and enterprise governance. It provides security leaders, architects, and decision-makers with a common language for designing, evaluating, and defending security programs in complex environments.
What this book delivers

The Cyber-Physical Risk Framework
A structured operating model that integrates governance, protection, detection, response, and recovery across cyber, physical, and human domains.

The Cyber-Physical Control Catalog
A normative set of 42 foundational controls, written in outcome-based language, defining what a defensible security program must achieve, independent of vendors, technologies, or facility type.

The Cyber-Physical Risk Maturity Model
A four-tier maturity scale (Tier 1 through Tier 4) that allows organizations to assess implementation rigor, communicate security posture to executives, and justify risk-based trade-offs.

The Security Science Foundation
The physics, probability, and financial principles that underlie effective security design, moving the conversation from opinion and "best practices" to measurable risk and defensible decisions.

Alignment with the NIST Cybersecurity Framework (CSF 2.0)
A formal crosswalk showing how cyber-physical security outcomes align with Govern, Identify, Protect, Detect, Respond, and Recover, allowing physical security to integrate directly into enterprise risk governance.

Legal Defensibility and Governance Framing
Guidance for demonstrating duty of care, reasonableness, and foresight in executive, regulatory, and litigation contexts.
Chief Security Officers (CSOs) and senior security leaders
Physical and cyber-physical security architects
Enterprise risk, legal, and compliance professionals
Assessors, auditors, and advisors evaluating security posture
Executives seeking defensible, business-aligned security decisions
This book is not a checklist, a vendor guide, or a certification manual. It does not promise perfect security. Instead, it provides the structure, language, and analytical foundation required to design and govern security programs that are intentional, explainable, and defensible.
In an era of converging threats and increasing scrutiny, Cyber-Physical Risk Architecture establishes a new standard for how enterprise security is understood, implemented, and defended.