The book introduces a new methodology to help critical infrastructure owners, operators, and security practitioners make demonstrable improvements to secure the most important functions and processes. It provides practical techniques to put targets beyond the reach of the most persisent cyber adversaries.