Overview: Defense In Depth
An IT security strategy that uses multiple layers of security controls.
What is Defense In Depth?
John Spacey, updated on November 23, 2016
Defense in depth is an IT security strategy that uses multiple layers of security controls. It is often explained with an analogy to a castle with many layers of defense such as moats, walls and finally a castle keep.

A basic principle of IT security is that components shouldn't trust each other. That is to say, each component should assume that other components in an organization or technology stack have been compromised. It is impractical for every single component in a large system to trust nothing at all. As such, layers are established that don't trust each other.

The following are examples of layers used by defense in depth strategies.

- Processes
- Procedures
- User Interfaces
- Applications
- Data Access Layers
- Platforms
- Servers
- Operating Systems
- Networks
- Demilitarized zones
- Data Repositories

The following are examples of techniques that may be used at each layer to implement security.

- Training & situational awareness
- Authentication & authorization
- Pattern scanning such as anti-virus tools
- Intrusion detection
- Encryption
- Perimeters such as firewalls
- Audit trails
- Sandboxes
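The principle that layers should not trust each other, as an added sketch that is not from the original article: the data access layer re-verifies the caller's token and writes an audit trail entry even though the application layer above it has already checked. The function names, the HMAC token format, the key and the records are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo values; a real deployment would load the key from a secret store.
SIGNING_KEY = b"constructed-demo-key"
RECORDS = {"alice": "alice's invoice", "bob": "bob's invoice"}
AUDIT_TRAIL = []  # (authenticated user or None, requested owner, decision)


def _mac(user):
    return hmac.new(SIGNING_KEY, user.encode(), hashlib.sha256).hexdigest()


def issue_token(user):
    """Authentication layer: bind the user name to a MAC made with the signing key."""
    return f"{user}:{_mac(user)}"


def verify_token(token):
    """Return the authenticated user name, or None if the token is malformed or forged."""
    user, _, mac = token.rpartition(":")
    ok = hmac.compare_digest(mac.encode(), _mac(user).encode())
    return user if ok and user else None


def data_access_read(token, owner):
    """Data access layer: re-checks the token itself instead of trusting its caller."""
    user = verify_token(token)
    allowed = user is not None and user == owner
    AUDIT_TRAIL.append((user, owner, "allow" if allowed else "deny"))
    if not allowed:
        raise PermissionError("data access layer refused the read")
    return RECORDS[owner]


def application_read(token, owner):
    """Application layer: performs its own check, then calls the layer below."""
    if verify_token(token) != owner:
        raise PermissionError("application layer refused the read")
    return data_access_read(token, owner)


def compromised_application_read(token, owner):
    """Models an application layer whose own check has been bypassed."""
    return data_access_read(token, owner)
```

Because the lower layer assumes the layer above may be compromised, `compromised_application_read` still fails for another user's record, and the denial is recorded in the audit trail.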