Defense in Depth

A practical strategy for achieving Information Assurance in today’s highly networked environments.

Introduction. Defense in Depth is a practical strategy for achieving Information Assurance in today’s highly networked environments. It is a “best practices” strategy in that it relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between protection capability and cost, performance, and operational considerations. This paper provides an overview of the major elements of the strategy and provides links to resources that provide additional insight.

Adversaries, Motivations, Classes of Attack. To effectively resist attacks against its information and information systems, an organization needs to characterize its adversaries, their potential motivations, and their classes of attack. Potential adversaries might include: Nation States, Terrorists, Criminal Elements, Hackers, or Corporate Competitors. Their motivations may include: intelligence gathering, theft of intellectual property, denial of service, embarrassment, or just pride in exploiting a notable target. Their classes of attack may include: passive monitoring of communications, active network attacks, close-in attacks, exploitation of insiders, and attacks through the industry providers of one’s Information Technology resources. It is also important to resist the detrimental effects of non-malicious events such as fire, flood, power outages, and user error.

Information Assurance. Information Assurance is achieved when information and information systems are protected against such attacks through the application of security services such as: Availability, Integrity, Authentication, Confidentiality, and Non-Repudiation. The application of these services should be based on the Protect, Detect, and React paradigm. This means that in addition to incorporating protection mechanisms, organizations need to expect attacks and include attack detection tools and procedures that allow them to react to and recover from these attacks.

Figure: Information Assurance Defense in Depth Strategy (People, Technology, Operations) resulting in a robust and integrated set of Information Assurance measures and actions.

An important principle of the Defense in Depth strategy is that achieving Information Assurance requires a balanced focus on three primary elements: People, Technology and Operations.

