Summary

Nothing works right 100% of the time. That is one reason why each of the pieces previously discussed are needed. Each of these items helps build a security infrastructure that supplies defense in depth. Defense in depth is about building security in layers. If one layer is breached, you have multiple layers beneath it to continue protecting your organization’s assets. Defense in depth is about finding a balance between the protection cost and the value of the informational asset. For example, you have an information classification system but have also encrypted this data. Strong controls have also been placed on who has access to the information; the physical devices the information is located on have been secured; and when it is in transit, it is transmitted only in a encrypted form. Now, it’s not that this information cannot be attacked or disclosed, but you have implemented several items to prevent its release. Someone targeting this information will have to successfully overcome one or more of these barriers to be successful.