Defense in Depth

What is the primary goal of the Defense in Depth strategy?

To use multiple layers of security to slow down or prevent cyberattacks if one layer is compromised.

What is the CIA triad in cybersecurity?

• Confidentiality – Protects sensitive information from unauthorized access.

• Integrity – Ensures data remains unaltered and accurate.

• Availability – Ensures data is accessible when needed.

What security principle ensures that only authorized users can access data?

Confidentiality

What are the seven layers of security in Defense in Depth?

• Physical security (data center access control)

• Identity & Access Management (IAM) (MFA, role-based access)

• Perimeter security (firewalls, DDoS protection)

• Network security (network segmentation, intrusion detection)

• Compute security (virtual machine hardening, patching)

• Application security (secure coding, WAFs)

• Data security (encryption, access controls)

How does integrity protect data in cybersecurity?

Ensures data is accurate and unmodified by unauthorized sources (e.g., using hashing, checksums).

What is an example of availability in cybersecurity?

Ensuring that authorized users can access systems, such as using backup systems, redundancy, and DDoS mitigation.

How does encryption support Defense in Depth?

Encryption ensures data remains confidential by making it unreadable to unauthorized users.

What is network segmentation, and why is it important?

Dividing a network into isolated sections to limit access and reduce the impact of a breach.

What role does multi-factor authentication (MFA) play in Defense in Depth?

Strengthens identity and access security by requiring multiple forms of verification (e.g., password + biometrics).

Why is Defense in Depth important in cloud security?

Cloud environments have shared responsibilities; using multiple layers of security reduces risk and strengthens compliance.