Defense in Depth

Defense in depth is the application of multiple layers of protection wherein a subsequent layer will provide protection if a previous layer is breached.

The Information Assurance Technical Framework Forum (IATFF), an organization sponsored by the National Security Agency (NSA), has produced a document entitled the “Information Assurance Technical Framework” (IATF) that provides excellent guidance on the defense-in-depth concepts.

The IATFF encourages and supports technical interchanges on the topic of information assurance among U.S. industry, U.S. academic institutions, and U.S. government agencies. Information on the IATF document can be found at the website http://www.iad.gov/library/iacf.cfm.

The IATF document 3.1 stresses the importance of the people involved, the operations required, and the technology needed to provide information assurance and to meet the organization's mission.

The defense-in-depth strategy as defined in IATF document 3.1 promotes application of the following information assurance principles:

  • Defense in multiple places: Information protection mechanisms placed in a number of locations to protect against internal and external threats
  • Layered defenses: A plurality of information protection and detection mechanisms employed so that an adversary or threat will have to negotiate a series of barriers to gain access to critical information
  • Security robustness: An estimate of the robustness of information assurance elements based on the value ...
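The layered-defenses principle is easiest to see when one layer actually fails. The following example is added here as an illustration and is not code from the book or from the IATF; the perimeter filter, the table, the rows and the attack strings are all constructed for the demonstration. A request to a hypothetical customer-lookup endpoint passes first through a simple pattern filter (the kind of perimeter control that catches the textbook `' OR 1=1` payload) and then reaches the database. When the database layer builds SQL by string concatenation, a payload that slips past the filter dumps the table; when the database layer uses a parameterized query, the same filter miss is harmless, which is exactly the behaviour the definition above describes: a subsequent layer protects when a previous one is breached.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not from the book).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, tier TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, tier) VALUES (?, ?)",
        [("alice@example.com", "gold"), ("bob@example.com", "silver")],
    )
    return conn

# Layer 1: a hypothetical perimeter-style pattern filter, deliberately simple.
# It catches "' OR " with real whitespace but nothing else, which is the point:
# a single layer is easy to evade and must not be the only protection.
BLOCKLIST = re.compile(r"'\s+or\s+", re.IGNORECASE)

def perimeter_filter(value: str) -> bool:
    """Return True if the value passes the filter (looks benign to it)."""
    return BLOCKLIST.search(value) is None

# Layer 2, weak form: string concatenation. Whatever gets past the filter
# is interpreted by the database as SQL.
def lookup_concatenated(conn: sqlite3.Connection, email: str):
    sql = f"SELECT email, tier FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()

# Layer 2, strong form: a parameterized query. The database treats the input
# as data only, so a miss in layer 1 does not become a breach.
def lookup_parameterized(conn: sqlite3.Connection, email: str):
    return conn.execute(
        "SELECT email, tier FROM customers WHERE email = ?", (email,)
    ).fetchall()

def handle_request(conn: sqlite3.Connection, email: str, parameterized: bool):
    """Run one request through both layers and report the outcome."""
    if not perimeter_filter(email):
        return {"blocked_by": "perimeter", "rows": []}
    rows = (lookup_parameterized(conn, email) if parameterized
            else lookup_concatenated(conn, email))
    return {"blocked_by": None, "rows": rows}

if __name__ == "__main__":
    db = build_db()
    # Constructed payloads: the first is caught by the filter; the second
    # replaces whitespace with SQL comments and evades it.
    naive = "x' OR 1=1 --"
    evasive = "x'/**/OR/**/1=1--"
    print(handle_request(db, naive, parameterized=False))    # blocked at layer 1
    print(handle_request(db, evasive, parameterized=False))  # layer 1 missed, both rows leak
    print(handle_request(db, evasive, parameterized=True))   # layer 1 missed, no rows leak
```

Running the block shows the filter stopping the naive payload, the concatenated query returning every customer for the evasive one, and the parameterized query returning nothing for that same evasive input. The filter is not worthless, since it still removes the commodity attacks, but the parameterized query is the layer that holds when the filter is wrong, and neither should be deployed on the assumption that the other is perfect.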
