The Science of Security: Scientia Securitatis: Theory, Frameworks, and Practice

The security profession has produced thousands of books on tools, threats, and compliance frameworks. Almost none on how to think clearly about the problem.

Scientia Securitatis - Latin for "the science of security" - develops the analytical apparatus the field actually needs. Drawing on criminology, cognitive psychology, military theory, and twenty-five years of practitioner experience across physical, cyber, personnel, and operational domains, Chris Mark treats security as a unified discipline whose underlying problems are the same regardless of domain.

This is not another cybersecurity book. Whether the threat is pirates trying to hijack a ship, gunfire against an electrical substation in North Carolina, a deepfake CEO impersonation that moves $25 million across borders, the Volt Typhoon and Salt Typhoon campaigns against U.S. critical infrastructure, or an Equifax-style breach blamed on its victim, the analytical questions are constant: Who chose to attack? Why did the defense fail? What would actually have worked?

What the book develops:

The Mark Heptad - a taxonomy of seven adversary motivations (financial, espionage, war/defense, facilitation, hacktivism, revenge, nuisance) that maps directly to deterrence strategyThe IMCM Framework - Ignorance, Mistake, Complacency, Malice - for classifying human-induced vulnerabilities and matching them to specific interventionsThe DIVE Framework - Direction, Intensity, Vulnerability, Exposure - for operational security assessmentThe Multiplicative Security Model - the mathematical basis for why defense-in-depth actually works, and how to calculate itRigorous treatments of the Swiss Cheese Model, Routine Activity Theory, Situational Crime Prevention, and the Twenty-Five TechniquesA criminological critique of victim blaming in post-incident analysis, drawn from Wolfgang, Timmer and Norman, and case studies of the Equifax, OPM, Target, and Snowflake breaches

Who this book is for:

Security executives building defensible programs across multiple domains. Policy professionals confronting unrestricted warfare doctrine and contemporary asymmetric threats. Risk and compliance leaders who suspect compliance frameworks aren't stopping sophisticated adversaries - and want to understand why. Graduate students approaching security as an analytical discipline rather than a job category. Practitioners with the instincts to ask better questions.