Defence in Depth for Securing Computer Systems

0% developed  as of Apr 30, 2006 (Apr 30, 2006)

But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people.

The concept of Defence in Depth is going to cost your organisation money. It is not cheap to implement, and it is something you have to feed money into every day to maintain. So why do you do it? The simple answer is to protect the business. Business of today is no longer just bricks and mortar. It is no longer just buildings and street addresses. The heart of business today is information. Take away the information and the bricks and mortar will be sold off eventually at bankruptcy auction.

Defence in Depth is all about protecting the information by building up a number of layers around it. It isn’t simply putting up and firewall and walking away. Defence in Depth is building a number of layers around the information that work together to provide a strong and (hopefully) impenetrable.

This book will most likely not cover a lot of new ground for you. A lot of the concepts here are standard areas you will cover working in any IT department. What is new is the aspect of integrating them into one consolidated defensive strategy.

Nine main areas will be covered. These will include:

  1. Preparation
  2. The Technology
  3. The Business
  4. The People
  5. The Physical
  6. The Policy
  7. Incident Handling
  8. Information Warfare and Operations Security
  9. Putting it together