Design Defense in Depth

Defense in depth is the application of multiple layers of controls are to defend against threats. Many security controls are applicable to a variety of assets and numerous threats. In some cases, the controls applied to one layer of defense may be redundant (e.g. belt and suspenders). In other cases, the controls may have complementary characteristics.

The following figure illustrates layers of defense, protecting the assets identified at the bottom.

Layers of Controls

Layers will be discussed in the following posts:

Copyright © 2019 Christopher T. Carlson

Excerpt from How to Manage Cybersecurity Risk – A Security Leader’s Roadmap with Open FAIR


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s