Journeying into Cybersecurity: Navigating Defense in Depth
Embarking on a cybersecurity journey can be a daunting task, especially with distractions lurking around every corner. Take, for instance, the recently concluded Nigerian presidential election that generated a lot of negativity on social media. Despite the tension and silence that followed, I remained focused on my goal of becoming ISC2 certified in cybersecurity.
In my previous article, we explored some introductory concepts on “Access Control.” Today, I invite you to join me on a deeper dive into this topic. We’ll start by discussing the importance of control assessment and how it reduces risk within an organization’s risk tolerance.
Let’s consider a scenario where an office building is repurposed as a secure storage facility. To ensure that confidential files are adequately protected, five doors must be secured. A site assessment would determine if all five doors need biometric scanners or if only one or two doors require them. More importantly, the cost of implementing these controls must align with the value of what’s being protected.
But access control isn’t just about system access; it includes building access, access to server rooms, access to networks and applications, and utilities. That’s why we’ll be diving into “Defense in Depth.”
Defense in Depth is an information security strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of an organization. While it can prevent or deter a cyber attack, it cannot guarantee that an attack will not occur.
To illustrate, a technical example of defense in depth is when a username and password are required for logging into your account, followed by a code sent to your phone to verify your identity. A non-technical example would be multiple layers of access required to get to the actual data in a data center, including a physical lock on the door, technical access rules, and policy or administrative controls.
As we delve deeper into this topic, I hope you’ll find it as fascinating as I do. Stay tuned for more cybersecurity insights in the coming weeks!