IT fundamentals - defense in depth
examples of what layered security is not...
1. multiple implementations of the same basic security tool.
defense in depth is aka
Castle Approach
defense in depth
an information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited. The layers can cover personnel, procedural, technical and physical aspects for the duration of the system's life cycle.
When you implement multi-layered security, it...
makes an attacker much easier to identify. It also reduces an attacker's chance of success.
layered security
multiple layers of defense that resist rapid penetration by an attacker but yield rather than exhaust themselves through overly rigid tactics. It also implies policy and operations planning, user training, physical access security measures and direct involvement of information assurance personnel in dealing with attempts to gain unauthorized access to information resources. Some regard this as merely a delaying tactic used to buy time to bring security resources to bear on a malicious security cracker's activity.
one of the most important factors in a well-planned defense in depth strategy is...
taking advantage of threat delay. By ensuring rapid notification and response when attacks and disasters are underway, and delaying their effects, damage avoidance or mitigation that cannot be managed by purely technological measures can be enacted before the full effects of a threat are realized.