Use multiple layers of security - 'defence in depth'
Effective security for an information asset can be achieved by using several different layers of security measures.
This approach is referred to as 'defence in depth' — the security of an asset is not significantly reduced with the loss or breach of any single layer of security.
A ‘defence-in-depth’ strategy:
- reduces the likelihood of a successful malicious attack
- minimises the damage that results from an attack.
A simple example is preventing malware from infecting IT systems. You might apply three or more layers of defence:
- a network monitoring and intrusion detection system (IDS)
- an intrusion prevention system (IPS)
- a computer or server anti-malware protection system.
If any one system fails to detect a piece of malware, another system will detect it and prevent the malware from running. It’s important to use a diverse and complementary range of capabilities so each layer can catch and prevent an intrusion that another layer may have missed.
Figure: An example of layers of control in a ‘defence in depth’ information security system in an enterprise environment
Page last modified: 5/08/2019