Defense in Depth

Main Points
  • Defense in Depth: A layered security approach ensuring that if one defense fails, another mitigates the risk.

  • Layers of Security: Each layer has different controls to slow down or stop an attack.

  • CIA Triad: Core security principles—Confidentiality, Integrity, Availability—that guide security strategies.

Key Terms & Topics
  1. Physical Security – Controls like badge access, security guards, locked server rooms.

  2. Identity & Access Management (IAM) – Multifactor authentication (MFA), role-based access controls.

  3. Perimeter Security – Firewalls, DDoS protection, VPNs.

  4. Network Security – Network segmentation, intrusion detection systems (IDS), least privilege access.

  5. Compute Security – Secure configurations, patching, virtual machine (VM) hardening.

  6. Application Security – Secure coding practices, vulnerability testing, web application firewalls (WAF).

  7. Data Security – Encryption, backups, access controls.

Things to Know as an SME
  • Layered security reduces risk: No single control can prevent all threats.

  • CIA Triad defines security goals:

    • Confidentiality – Protect sensitive data with encryption and access control.

    • Integrity – Ensure data remains unchanged and accurate.

    • Availability – Ensure data and systems remain accessible when needed.

  • Cybercriminals target CIA principles: Attacks aim to steal, corrupt, or disrupt access to data.

  • Microsoft and cloud providers offer security solutions to align with Defense in Depth strategies.