Inside Defense-in-Depth Transcript Part 1: Defining Defense-in-Depth; Getting Started

Abstract

That's a really good question. Like you mentioned, the curriculum that we just published on the CERT website was really aimed at addressing Defense-in-Depth from kind of a different point of view. Throughout the security world, people a lot of times will talk about Defense-in-Depth, but it's not really explained, and there's no really good way to look at something like a model and determine if you've really achieved it. So what it is, just in definition, it's multiple controls that are related, addressing different security concerns in an organization. So one instance would be, you know, you've got firewalls to protect you from malicious traffic, but you've also got anti-virus software in case malicious traffic reaches your network. So it's just a layered approach at addressing information security and information insurance, such that if one layer fails, you've got other layers in place to kind of make sure your network is sustainable in the face of attacks and failures.

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2006
Accession Number: AD1134078

Entities

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Accountability
  • Addressing
  • Anti-Virus Software
  • Business Administration
  • Commerce
  • Configuration Management
  • Containers
  • Copyrights
  • Curriculum
  • Education
  • Engineering
  • Executives
  • Information Assurance
  • Information Security
  • Monitoring
  • Risk
  • Risk Management
  • Security
  • Software Development
  • Universities

Readers

  • Cybersecurity
  • Systems Analysis and Design