Defense in Depth (also known as
Castle Approach) is an
information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an
information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of
personnel,
procedural,
technical and
physical for the duration of the
system's life cycle.