The importance of layered defence from some trusted sources
Layer your defences
As with physical and personnel security, cyber security can make use of multiple measures which (when implemented simultaneously) help reduce the chances of single point of failure. This approach is commonly referred to as ‘defence in depth’.
UK National Cyber Security Centre (NCSC) - Implementing effective cyber security measures
How to avoid being a victim
The NCSC has updated its ‘Mitigating Ransomware and Malware Attacks’ guidance, recommending that organisations deploy a “defence in depth” strategy. By implementing a technical architecture with multiple defensive layers, if one mechanism fails another is there to thwart an attack.
UK National Cyber Security Centre (NCSC) - Annual Review 2020
Mitigating cyber security risks
More resilient organisations also take a ‘defence-in-depth’ approach to cyber security, implementing a range of technical and non-technical policies, procedures and controls that enable better protection against cyber threats in the long term.
Australian Cyber Security Centre (ACSC) - Australian Government Information Security Manual
Cyber security incidents
Although malicious emails are currently, and will likely continue to be, the most common type of incident reported to the ACSC, it is important to ensure security is applied throughout a network (defence-in-depth) and across personal devices.
Australian Cyber Security Centre (ACSC) - ACSC Annual Cyber Threat Report, July 2019 to June 2020
We're guided by key security and privacy principles
Defence in Depth: this ensures we have a series of layered defensive mechanisms to protect our data and information, including physical, technical, and people security.
Victorian Government - Data legislation, security and privacy
Identifying possible security controls
Security controls should also provide ‘defence-in-depth’ (i.e. a number of controls may provide overlapping risk mitigation which can provide some surety if one control fails).
Office of the Victorian Information Commissioner - Information Security Risk Management