Defense-in-depth (also defense in depth and defence in depth) is
“
an information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.[1]
”
“
[t]he DoD approach for establishing an adequate IA posture in a shared-risk environment that allows for shared mitigation through: the integration of people, technology, and operations; the layering of IA solutions within and among IT assets; and, the selection of IA solutions based on their relative level of robustness.[2]
”
“
[a] [c]ybersecurity strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.[3]
"Defense-in-depth requires widely distributed intrusion detection activities to recognize and describe activities that are different from the normal pattern or fit known "bad" patterns, and to limit and contain the access across networks that a malicioususer may exploit. The nature and scope of the incident, effects, cause, and vulnerability must be determined. After an intrusion is detected, incidentinformation must be reported through established channels to appropriate authorities, specialized analysis, and response centers."