 |
Defense in Depth Strategy While conducting research to prepare this tutorial, I spoke with the AMSC Systems Analysis Specialist who presented to me the phrase Defense in Depth Strategy (DIDS). Very curious as to what it is and when it came about, I did a quick search. To gain a better understanding, I began with a definition and explanation of DIDS presented at a Security Workshop. Because some of you too may be scratching your head and asking what is this? or for those of you who may have heard the phrase, but may not be too sure what it is, I will share my findings with you. For those folks who are very familiar, please bare with me.
The Defense in Depth Strategy is an element of Information Assurance. It has three elements: people, technology, and operations. "People -- hire good people, train and reward them well. Technology -- test, evaluate, & assess. Operations -- maintain vigilance, respond quick to intrusions and be prepared to restore critical services (IAS Thomas E. Anderson briefing slides)." Let's take a few minutes to lurk about some sites I found interesting -- besides they do a pretty good job at explaining the strategy. National Information Assurance Partnership. This site explains their affiliation with DOD and provides a wealth of information on projects and services. I had great fun in the library! (This site updates frequently -- do a quick search for Defense in Depth Strategy and you will find several interesting links to articles, partnerships, etc.) The Importance of Computer Network Incident Reporting within the Defense in Depth. This paper written by Adam Straub, May 01 provides an exceptional overview of what Defense in Depth is and its purpose for DOD. It explains what to report and who to report such incidents. Defense in Depth: Security for Network-Centric Warfare. This paper written by a U.S. Navy officer provides a comprehensive look at what could be done to minimize system vulnerabilities. Defense in Depth Strategy -- a strategy to defend our information network
|
