Defense in Depth                                      

Information security must keep information throughout the life span of the information, from the original creation of the information on through to the final disposal of the information. The information must be secluded while in motion and while at take it easy. throughout its life time, information may pass throughout many different information processing systems and through many different parts of information processing systems. There are many dissimilar traditions the information and information systems can be susceptible. To fully protect the information during its lifetime, each constituent of the information processing system must have its own fortification mechanisms. The building up, layering on and overlapping of security measures is called defense in depth. The power of any system is no greater than its weakest link.

Using a defense in deepness plan, should one suspicious measure fail there are other defensive actions in place that continue to provide safety.

Remember the previous discussion about logical controls, administrative controls, and substantial controls. The three kinds of controls can be used to form the bases upon which to build a defence-in depth-strategy. With this move toward, defence in depth can be conceptualized as three distinct layers or planes laid one on top of the additional. Additional approaching into defense in depth can be gained by philosophy of it as forming the layers of an onion, by means of data at the center of the onion, people as the outer layer of the onion, and network safety, host-based safety and applications security forming the inner layers of the onion. Both viewpoints are uniformly valid and each provides precious insight into the implementation of a good defense-in-depth strategy.