The Multi Layer Approach For Security Essay

714 Words Nov 22nd, 2016 3 Pages
a) Defense in Depth is the multi layer approach to security. Defense in Depth is one of the major parts of the security architecture. In order to achieve this one organization must implement multiple layers of security controls and safeguards represented in policy, training and education, and technology. Policy is important since it prepares the organization to handle attack proper way, and in combination with technology and training and education can provide a proper defense. Training and education is particularly important when it comes to social engineering and internal (employee) mistakes that can lead to attacks. Technology on the other hand is the main operation layer of Defense in Depth approach since it can detect the attack and also react in order to stop it. This multi layer approach is important since it eliminates the “single point of failure” where if one layer fails that does not necessarily mean the defense was penetrated. This is also true for the technology layer where multiple types of technology can be implemented for the same purpose. This is rather redundant, but is makes sure that the information asset is not compromised if one system fails. Also, in order to implement multiple layers of control we can use Management or Administrative controls (cover security processes designed by strategic planners and performed by security administration), Operational controls (deal with operational functionality of security in organization), and Technical controls…

Related Documents