Chance favors the prepared mind.
Louis Pasteur
Now we begin to apply our I-ADD security analysis process, described in Chapter 2, "Security Principles." As you may recall, the I-ADD security analysis process consists of four phases:
Identify targets and roles.
Analyze known attacks, vulnerabilities, and theoretical attacks, generating mitigations and protections.
Define a strategy for security, mindful of security/functionality/management trade-offs.
Design security in from the start.