Oct 15, 2008
stratsec (as SIFT) was engaged by the IT Security Expert Advisory Group (ITSEAG) of the Trusted Information Sharing Network (TISN) to provide advice on implementing defence-in-depth security controls and to highlight the concept’s importance in modern information risk management.
Threats to an organisation’s information resources can arise through its people, trading partners, external sources, and technological innovation. No single strategy or technology (such as a firewall) will ever protect against all these threats. Defence in depth involves the application of people, process and technology controls in a holistic risk-management approach, to ensure that all threats are covered. A defence-in-depth initiative will generally be driven by the CIO.
Download full report:
Defence-in-full-15-Oct-2008.pdf