Defense in Depth through Layered Security
Importance of Layered Security for Data Defense and Protection

Incidents of massive data breaches have become common, and the cost of breaches has reached record high levels. The increase in frequency and sophistication of cyber-attacks becomes more relevant as Government Organizations and Enterprises increasingly rely on networked computing architectures to maintain consistency of services. Breaches and downtime leading to network outage can impact the profitability of businesses and the availability of government services.

Cyber Security is explained in terms of the CIA Triad. The CIA Triad of Confidentiality, Integrity and Availability is considered the core underpinning of Information Security. It forms the base upon which different approaches to security build. All security access controls and vulnerabilities can be viewed in the light of one or more of these key concepts.

[Figure: the CIA triad, with Information Security at the centre of Confidentiality, Integrity and Availability]

Confidentiality

Confidentiality measures protect information from unauthorized access and misuse. Most information systems house information that has varying degrees of sensitivity. Confidential information often has value, and systems are therefore under frequent attack as criminals hunt for vulnerabilities to exploit and subsequently gain access to information. Threat vectors include direct attacks such as stealing passwords and capturing network traffic, and more layered attacks such as social engineering and phishing.

Integrity

Integrity-related measures protect information from unauthorized alteration. These measures provide assurance about the accuracy and completeness of data. In maintaining integrity, it is not only necessary to control access at the system level, but also to ensure that system users are only able to alter information that they are legitimately authorized to alter.

Availability

For an information system to be useful, it must be available to authorized users. Availability measures provide timely and uninterrupted access to the system. Government, business, medical, information and other types of infrastructure depend on the connectivity and availability of resources and services, and unavailability can cause chaos and severe damage.

Concept of Layered Security

There are many approaches to dealing with conventional and emerging cyber-threats. The layered approach to security is one of the most prominent among them.

Layered security is defined as:

Layered security refers to security systems that use multiple components to protect operations on multiple levels and protect the confidentiality, integrity, and availability of the information. The term “layered security” is related to the term “defense in depth”, which is based on a slightly broader conception where multiple strategies and resources are used to slow, block, delay, or hinder a threat and subsequently neutralize it.

Abhishek Sisodia
Scientist - B
abhishek.sisodia@nic.in
October 2021 informatics.nic.in 25