World Library  
Flag as Inappropriate
Email this Article

Defense in depth (computing)

Article Id: WHEBN0007991195
Reproduction Date:

Title: Defense in depth (computing)  
Author: World Heritage Encyclopedia
Language: English
Subject: Security through obscurity, DID, Computer security procedures, Pass the hash, DMZ (computing)
Collection: Computer Network Security, Computer Security Procedures, Data Security
Publisher: World Heritage Encyclopedia

Defense in depth (computing)

Defense in Depth (also known as Castle Approach) is an information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical for the duration of the system's life cycle.


  • Background 1
  • Examples 2
  • References 3
  • See also 4


The idea behind the defense in depth approach is to defend a system against any particular attack using several independent methods.[1] It is a layering tactic, conceived by the National Security Agency (NSA) as a comprehensive approach to information and electronic security.[2][3]

Defense in depth is originally a military strategy that seeks to delay rather than prevent the advance of an attacker by yielding space to buy time. The placement of protection mechanisms, procedures and policies is intended to increase the dependability of an IT system, where multiple layers of defense prevent espionage and direct attacks against critical systems. In terms of computer network defense, defense in depth measures should not only prevent security breaches but also buy an organization time to detect and respond to an attack and so reduce and mitigate the consequences of a breach.


Using more than one of the following layers constitutes defense in depth.


  1. ^ Schneier on Security: Security in the Cloud
  2. ^ Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.
  3. ^ OWASP Wiki: Defense in depth

See also

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from World eBook Library are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.