Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

05 Assets, Threats, and Vulnerabilities > MD3 Defence in depth > Flashcards

MD3 Defence in depth Flashcards

1
Q

Defence in depth

A

A layered defense is difficult to penetrate. When one barrier fails, another takes its place to stop an attack. Defense in depth is a security model that makes use of this concept. It’s a layered approach to vulnerability management that reduces risk. Defense in depth is commonly referred to as the castle approach because it resembles the layered defenses of a castle.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Defence in depth II

A

The defense in depth concept can be used to protect any asset. It’s mainly used in cybersecurity to protect information using a five layer design. Each layer features a number of security controls that protect information as it travels in and out of the model.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

5 layer design

  1. Perimeter layer
A

The first layer of defense in depth is the perimeter layer. This layer includes some technologies that we’ve already explored, like usernames and passwords. Mainly, this is a user authentication layer that filters external access. Its function is to only allow access to trusted partners to reach the next layer of defense.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

5 layer design

  1. The network layer
A

Second, the network layer is more closely aligned with authorization. The network layer is made up of other technologies like network firewalls and others.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

5 layer design

  1. The endpoint layer
A

Endpoints refer to the devices that have access on a network. They could be devices like a laptop, desktop, or a server. Some examples of technologies that protect these devices are anti-virus software.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

5 layer design

  1. The application layer
A

This includes all the interfaces that are used to interact with technology. At this layer, security measures are programmed as part of an application. One common example is multi-factor authentication. You may be familiar with having to enter both your password and a code sent by SMS. This is part of the application layer of defense.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

5 layer design

  1. The data layer
A

And finally, the fifth layer of defense is the data layer. At this layer, we’ve arrived at the critical data that must be protected, like personally identifiable information. One security control that is important here in this final layer of defense is asset classification.

Like I mentioned earlier, information passes in and out of each of these five layers whenever it’s exchanged over a network. There are many more security controls aside from the few that I mentioned that are part of the defense in depth model. A lot of businesses design their security systems using the defense in-depth model. Understanding this framework hopefully gives you a better sense of how an organization’s security controls work together to protect important assets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

05 Assets, Threats, and Vulnerabilities (50 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions