In an environment familiar to you (your school or where you work, for example), determine whether the principle of diversity of defense has been employed and list the different layers of security that are employed. Discuss whether you think they are sufficient and whether the principle of defense in depth has also been used. Please do NOT reveal any information that can be used to identify the organization.
Defense in Depth:
It is an information assurance strategy that provides multiple redundant defensive measures in case a security control fails or a vulnerability occurs.
Defense in Depth cybersecurity use cases include end user security, product design and network security.
In my case, in my work area, Defense in Depth is being implemented to an extent.
The layers we have are:
Physical Controls:
In this layer, all physical access to the computer systems is protected using security guards or locks on the doors.
Technical Controls:
This control protects the network systems or resources using specialized hardware or software, such as a firewall appliance or antivirus.
Administrative Controls:
These are the security measures given to the employees of an organisation.
E.g.: Sensitive information is not to be disclosed outside the organisation.
In addition to the above, we have some other measures that help further establish Defense in Depth.
Access Controls: In this security measure, employees are given a specific VPN in order to connect to the office environment.
Data Encryption: The data related to the organisation is protected using various encryption methods.
Monitoring Network: Each organisation will have its own network to work on, and continuous monitoring is done on the network to avoid network threats.