Defence in depth and breadth

Decorative image: Defence in depth and breadth, showing six layers:

  • Data: Database Security, Information Security, Content Security, Message Level Security
  • Host: Platform OS, Vulnerability Management, Patching, Desktop Management
  • Policies, Procedures and Awareness: Data Classification, Password Strength, Code Reviews, Usage Policies
  • Application: SSO, Identity Security Assurance, AAA
  • Internal Network/Perimeter: TLS, Firewall, Encryption, NAT, DoS Protection
  • Physical: Fences, Walls, Keys, Badges, Guards, Locks

Figure 1: Defence in depth and breadth

Understanding the breadth of the problem

Defence in depth refers to layers of defensive mechanisms which are used to protect valuable data and information.

Defence in breadth is a more recently coined phrase that has come about due to the need to consider all the connections to any networked system. The complexity of the networks now in place in many organisations is staggering and, when connections to suppliers, customers, different physical locations around the world, homeworkers and many more are considered, they become ever more difficult to manage.

The concept of understanding the breadth of the network and its connectivity is critical. Security is only as strong as the weakest link and that is where the criminal or other intruder will most likely find their way in. Malware is now very sophisticated and once inside an organisation it will attempt to scan the network to find holes, service ports and login details for other, more protected areas, even allowing the intruder to appear as a trusted user.

Defence in depth and breadth is therefore a strategy for not only layering security to provide redundancy and to buy time to detect and enact a response, but also to span the wide-reaching end points and variety of security systems to provide a timely, co-ordinated response.



Diagram showing elements of Accountability: Identity distinguishes a unique identity; Authentication and Authenticity verifies the identity of an entity; Access control restricts permission to use a resource; Logging creates a record of activity; Auditing: the checking of records to monitor activity

Figure 2: Accountability

It’s important that organisations are able to hold individuals, groups, companies and other organisations accountable for their actions. With the right levels of accountability established, you’ll be better placed to detect and deter malicious or risky behaviour.

There are five stages to accountability, and these are illustrated in Figure 2 above. They are:

  1. Identity
  2. Authentication and Authenticity
  3. Access Control and Authorisation
  4. Logging
  5. Auditing

In this Learning Path, we’re going to look at the first two stages. You’ll explore the others in later Learning Paths.


Identity is one of the more difficult concepts to explain and it’s fair to say that volumes have been written on this subject.

The definition here is taken from the British Computer Society’s CISMP textbook. This is not an official definition but it is worth remembering for the purposes of the exam:

'The properties of an individual or resource that can be used to identify, uniquely, one individual or resource.'

- (BCS, Information Security Management Principles)

Identification is the process of claiming an identity on a system. It’s natural to think this only applies to people but actually it can also apply to devices like mobile phones or even cars. Identification information is typically your username, but it might also be an email address, an ID number or a car numberplate.

Your username is the identity by which the system recognises you and can account for your actions. Identities are used to uniquely name system processes so that the system can establish which processes are performing which tasks.


The key aspect of authentication is in the definition where it refers to an entity. If identification is the claiming of an identity, then authentication is proving that claim. There are many types of authentication processes, depending on what type of entity is being authenticated; however, the most common form of authentication is a password.

Often the terms identification and authentication are used together in the acronym ID&A. The linkage between these two components is fundamental to the information security process. The entity that claims a particular identity must be authenticated to prove they are who they say they are.

Some examples might be:

  • User authentication: A user logging on to a system with a username and password
  • A user using a fingerprint to authenticate with their laptop
  • Device authentication: A smart card being authenticated to a card reader
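The split between identification (claiming an identity) and authentication (proving the claim) with a password, sketched in Python. This is an added example, not part of the original course material; the function names, the in-memory store and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a salted hash so the store never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def enrol(store: dict, username: str, password: str) -> None:
    """Register an identity together with the material used to prove it."""
    salt = os.urandom(16)
    store[username] = (salt, _hash(password, salt))


# Placeholder credentials checked when the claimed identity is unknown, so an
# unknown username costs the same work as a known one with a wrong password.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("not-a-real-password", _DUMMY_SALT)


def identify_and_authenticate(store, claimed_identity, password, audit_log):
    # Identification: the entity claims an identity (here, a username).
    known = claimed_identity in store
    salt, expected = store.get(claimed_identity, (_DUMMY_SALT, _DUMMY_HASH))

    # Authentication: the entity proves the claim. compare_digest runs in
    # constant time, and the result only counts for a known identity.
    proven = hmac.compare_digest(_hash(password, salt), expected)
    ok = proven and known

    # Record the outcome against the claimed identity, never the password.
    audit_log.append({"identity": claimed_identity, "authenticated": ok})
    return ok


if __name__ == "__main__":
    store, log = {}, []
    enrol(store, "alice", "correct horse")  # constructed sample account
    print(identify_and_authenticate(store, "alice", "correct horse", log))
    print(identify_and_authenticate(store, "mallory", "guess", log))
    print(log)
```

The caller receives the same `False` for a wrong password and for an unknown identity, so the response does not reveal which usernames exist.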

What’s next?

Now, with a clearer awareness of security principles, it’s time to concentrate on risk management.

In this course, you’ll be looking at numerous aspects of the risk matrix including the risk and threats involved in big data, the Internet of Things (IoT), the dark web and social media. You'll also be exploring threat intelligence, unified threat management (UTM), and security risk. You'll also see how you can use open-source intelligence (OSINT) and Dark Web Threat Intelligence to help you establish, improve and refine your risk treatment. All of this ensures that your organisation is protected from and alert to the constantly evolving series of information security threats. 

However, before you go on to threat management, let's first review risk and see how it relates to cyber security. 
