(ISC)2 Certified in Cybersecurity Practice Exam

Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What information security strategy integrates people, technology, and operations to establish security barriers?

  1. Layered Security

  2. Defense in Depth

  3. Multi-Layered Protection

  4. Holistic Security Strategy

The correct answer is: Defense in Depth

The term "Defense in Depth" refers to a comprehensive information security strategy that employs multiple layers of defense across physical, technical, and administrative controls. The concept is predicated on the idea that a successful security posture cannot rely on a single security measure; rather, it must integrate various overlapping techniques that create "barriers" to potential threats.

This strategy recognizes that threats can emerge from multiple vectors—such as external attackers, insider threats, and even unintentional actions by users. By implementing layered defenses, organizations can slow down or deter an attack, providing additional time to detect and respond to security incidents. Each layer serves a distinct function and utilizes different technologies, policies, and practices, ensuring there are several hurdles a threat must overcome before achieving its objective.

Other options may incorporate elements of security but don't provide the same comprehensive and strategic approach to integrating people, technology, and operations. For example, "Layered Security" is technically similar but may not emphasize the holistic integration aspect as strongly as "Defense in Depth." "Multi-Layered Protection" tends to emphasize the number of layers rather than the effective integration of those layers into a cohesive strategy. "Holistic Security Strategy" suggests a more encompassing view but does not specifically convey the structured, tier