A Multilayered Approach to Information Security

Establishing multiple layers of defense is critical to protecting valuable information assets. An effective multilayered defense involves not only defining and defending the system perimeter, but also preempting and deterring attacks, implementing tools that can deflect attacks, and then constantly monitoring for intruders and learning from their methods. Together, these various defense mechanisms provide for an information security strategy which supports the confidentiality, integrity, and availability of the system, while simultaneously mitigating many of the risks inherent in a world that relies so heavily on information and communication technologies. Remember: a layered defense strategy is best!

Many organizational information systems are subjected to a constant barrage of attacks. Fortunately there are also many tools and techniques available that can be used to limit the number of attacks that will be successful. Beginning outside of the boundaries of a system, preemption and external deterrence methods can be used in order to prevent attacks. For those intrusion attempts that make it through the system perimeter, we can use internal deterrence mechanisms and deflection mechanisms. If all else fails and the attack is successful, it is critical to be able to detect the attack and respond to and learn from it as quickly as possible. In so doing, we can contain the damage and limit the likelihood that a similar attack will succeed in the future. A multilayered security strategy thus represents the best chance possible of providing a solid defense against attacks in light of the competing objectives of confidentiality, integrity, and system availability.