Security is about ensuring business continuity, and that is best achieved by developing a defense-in-depth strategy and architecture that can defend against a wide array of possible interruptions.
What is a defense-in-depth strategy? A physical example is a SuperMax prison. SuperMax prisons have two or more fences and manned guard towers, and they are in remote locations. Defense-in-depth means you have more than one fence and not all of your data is in one location. You want to create barriers in a layered strategy, much like the layers of an onion. You put in a firewall or bury your system deep within your network, then put controls inside the system such as antivirus programs, then make sure your patches are up to date.
Network security doesn’t end there. You also need to make sure that your users are not bringing in viruses and worms through an infected USB stick, an email attachment, or a phishing scam. Users are your first line of defense. All the security appliances and software in the world are easily defeated by a user giving out account authorization information. Educating users and communicating constantly about threats are key to protecting your systems and networks.
What other concerns do you have about security? Post your thoughts and questions in our comments section below.