PRO+ Premium Content/Information Security magazine

February 2002

Simplify defense-in-depth security with redundant security controls

Just about everyone involved in infosecurity has heard of "defense-in-depth," the practice of building multiple layers of security into a given system or network. Most security books, trade magazines, conferences and workshops trumpet defense-in-depth as a fundamental principle of security management and administration.

Defense-in-depth is, indeed, a key security concept. But I would contend that most of us think of "depth" in rather shallow ways. We don't do a very good job of implementing depth at an organization-wide level. Worse, we don't use the defense-in-depth concept to simultaneously simplify and improve security.

Binary vs. Synergistic Controls

First, a working definition. There are five different control types that can be applied to any given security threat (or attack) scenario: protect, detect, recover, deter and transfer. Some people define defense-in-depth as the ability to respond to each threat or attack with at least one control from each of these five categories. For example, think about how a bank protects ...


Columns in this issue

  • Security startups: Recipe for success

    by Robert Logan

    Stir one part technologist with one part experienced CEO and some VC money and you have the recipe for successful security startups.

  • Secure reads: The CISSP Prep Guide, CISSP Exam Cram

    by SearchSecurity staff

    Although efficient study guides for cramming before the CISSP test, The CISSP Prep Guide and the CISSP Exam Cram won't advance the infosec profession and are likely plagiarized.