Learn more about building a foundation for cybersecurity resiliency and best practices from Charles Denyer, one of the world’s foremost cybersecurity experts and keynote speakers.
Building a true foundation for cybersecurity resiliency starts by implementing both defense in depth and layered security measures. Let’s take a quick look at each of these highly essential concepts.
Defense in Depth was initially a military strategy that put forth a “delay rather than prevent” concept, one that advocated yielding various elements to the enemy for purposes of buying extra time. Over time, the National Security Agency (NSA) adopted Defense in Depth as an information assurance (IA) concept in which multiple layers of security are used for protecting an organization’s information technology infrastructure.
Defense in Depth
Defense in Depth has since become a highly-adopted framework for many organizations around the world for helping ensure the safety and security of critical system resources. It’s been praised as a highly effective concept, one that employs appropriate countermeasures for thwarting attacks on an enterprise’s information systems environment. Defense in Depth – for purposes of information security – includes the following layers, which have been loosely adopted and agreed upon by industry leading vendors and other noted organizations:
- Internal Network
- Policies, Procedures, Awareness
Layered security, often mentioned in the context of Defense in Depth, is a concept whereby multiple layers of security initiatives are deployed for the purposes of protecting an organization’s critical system resources. Specifically, by utilizing a number of security tools, protocols, and features, organizations can effectively put in place layers of security that – in the aggregate – help ensure the confidentiality, integrity, and availability (CIA) of systems.
It’s important to note that the main emphasis of layered security is about protection, ultimately making it a subset of Defense in Depth, which casts a much wider net on the broader subject of enterprise-wide information security. Furthermore, layered security seeks to put in place measures that compensate for possible weaknesses in other tools, but again – in the aggregate – form a comprehensive security strategy
Remember, layered security is not about information security redundancy – that is, using tools to achieve the same desired output – such as using an access control card and iris recognition to enter a data center (that’s two forms of the same control – authentication and authorization).
Want to Learn More and also Grow your Business?
Want to learn more about building a foundation for cybersecurity resiliency and how cybersecurity can be your rock-solid competitive advantage for long-term growth and profits? Charles Denyer, one of the world’s leading cybersecurity specialists and a globally recognized cybersecurity keynote speaker, offers organizations a way to secure their information systems, while also creating immense value – and increased revenue generating opportunities from their clients. How? By obtaining a competitive advantage through cybersecurity. Book Charles as your next keynote speaker, and learn more about securing and growing your business today.