Advancing the defense in depth model

Groat, Stephen; Tront, Joseph G.; Marchany, Randy

doi:10.1109/sysose.2012.6384127

Cited by 17 publications

(38 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2 which should be managed properly. Defense in depth base on layered architecture, every layer has its own implementation and management such as in network layer every OSI layer must be considered and secured; hence produces overhead for administrators [14], [15].…”

Section: Defense In Depthmentioning

confidence: 99%

Layered Defense in Depth model for IT Organizations

Balakrishnan¹

2014

2nd International Conference on Innovations in Engineering and Technology (ICCET’2014) Sept. 19-20, 2014 Penang (Malaysia)

View full text Add to dashboard Cite

Security methodologies are constantly changing and improving hence becoming a challenge for IT organization to keep their posture up-to-date and effective. It may be productive to examine different security postures to create and improve organization's information security architecture. This paper discusses about defense in depth model and strategy to implement it effectively. Also fructification of each layer of model presents vast variety of implementation alternatives and adoptability according to the design and architecture of organization. Tactically, security is incomplete without proper assessment of assets, risks associated with them and policies to control these risks; the outermost layer of the model covers all these aspects. Well defined policies and procedures aid in designing best security practices for any organization. Security issues do not solve magically but administrators have to evaluate different methodologies to consider as best practice for their organization.

show abstract

Section: Defense In Depthmentioning

confidence: 99%

Layered Defense in Depth model for IT Organizations

Balakrishnan¹

2014

2nd International Conference on Innovations in Engineering and Technology (ICCET’2014) Sept. 19-20, 2014 Penang (Malaysia)

View full text Add to dashboard Cite

show abstract

“…Evaluating the Defense in Depth strategy in terms of current threats will provide additional insight into the key aspects of the strategy [5]. Automated attacks occur almost constantly against any public-facing service; however, these attacks lack sophistication as they often are carried out by a program rather than a live, skilled person [6].…”

Section: Defense In Depthmentioning

confidence: 99%

“…While the defense in depth methodology should be applied to all assets equally, many practitioners clustered defenses at the perimeter [9]. Advances in the practice of defense in depth have led to a more comprehensive security deployment [5].…”

Section: Defense In Depthmentioning

confidence: 99%

“…Admittedly, the defense in depth architecture is adapting lethargically to this new category of threats; however, the basic concepts of the strategy hold true even against these new threats [5]. An administrator must apply security controls continually and keep up with the threat spectrum that is attempting to gain unauthorized access to data assets [13,14].…”

Section: Defense In Depthmentioning

confidence: 99%

“…Improperly deployed, the defense in depth architecture weakens the human component and makes this system difficult to maintain [5]. A lack of higher education and extensive experience in information security professionals intensifies the difficulty of maintaining a defense in depth architecture.…”

Section: Defense In Depthmentioning

confidence: 99%

See 2 more Smart Citations

Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth

Cleghorn¹

2013

JIS

View full text Add to dashboard Cite

The defense in depth methodology was popularized in the early 2000's amid growing concerns for information security; this paper will address the shortcomings of early implementations. In the last two years, many supporters of the defense in depth security methodology have changed their allegiance to an offshoot method dubbed the defense in breadth methodology. A substantial portion of this paper's body will be devoted to comparing real-world usage scenarios and discussing the flaws in each method. A major goal of this publication will be to assist readers in selecting a method that will best benefit their personal environment. Scenarios certainly exist where one method may be clearly favored; this article will help identify the factors that make one method a clear choice over another. This paper will strive not only to highlight key strengths and weaknesses for the two strategies listed, but also provide the evaluation techniques necessary for readers to apply to other popular methodologies in order to make the most appropriate personal determinations.

show abstract

Assessing Small Institutions’ Cyber Security Awareness Using Human Aspects of Information Security Questionnaire (HAIS-Q)

Papp

Lovaas

2021

Lecture Notes in Networks and Systems

View full text Add to dashboard Cite

Advancing the defense in depth model

Cited by 17 publications

References 11 publications

Layered Defense in Depth model for IT Organizations

Layered Defense in Depth model for IT Organizations

Network Defense Methodology: A Comparison of Defense in Depth and Defense in Breadth

Assessing Small Institutions’ Cyber Security Awareness Using Human Aspects of Information Security Questionnaire (HAIS-Q)

Contact Info

Product

Resources

About