Defense in Depth

Defense in depth is the security strategy of layering multiple independent controls so that the failure of any single control does not by itself result in a successful breach. Independence is the important word: two layers that share the same credentials, the same administrator account, or the same vendor software tend to fail together and should be counted as one layer. When an attacker breaks through the first line of defense, they encounter a second, then a third, each requiring additional effort and each producing evidence of the attack in progress.

In practice, defense in depth means an attacker who bypasses the perimeter firewall still faces network segmentation, then endpoint detection, then application-level authentication and authorization, then encryption of the data itself. The layers address different threats and different attacker positions (an outsider on the internet, a compromised host inside the network, a valid user exceeding their role), so together they raise the cost and complexity of a successful attack beyond what most attackers are willing to sustain, and they give defenders time to detect and respond before the last layer is reached.
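The following is an added illustration, not code from the original page or from any referenced standard. It models four of the layers named above (perimeter firewall, network segmentation, endpoint detection, application authorization) as an ordered chain of independent checks and shows two properties of the strategy: a request that defeats one layer, or two, is still stopped by the next, and a request from a legitimate user who exceeds their role passes every network-level layer and is stopped only at the application. All CIDRs, tokens, roles and signatures are constructed for the example; a "failed" control is modelled as one that lets everything through, and a control that crashes is treated as failing closed.

```python
"""Layered request evaluation modelling defense in depth (added example)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Request:
    src_ip: str            # source address as seen at the perimeter
    segment: str           # network segment the source host sits in
    token: Optional[str]   # bearer token presented to the application, if any
    path: str              # application resource requested
    payload: str           # request body


@dataclass
class Verdict:
    allowed: bool
    blocked_by: Optional[str]
    events: list[str] = field(default_factory=list)   # one telemetry line per layer


# Constructed policy data for the example; none of this is real infrastructure.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]   # partner address range
APP_SEGMENTS = {"dmz-web"}                                   # segments permitted to reach the app tier
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
ROLES = {"alice": "admin", "bob": "user"}
ROLE_PATHS = {"admin": {"/admin", "/reports"}, "user": {"/reports"}}
EDR_SIGNATURES = ("powershell -enc", "/bin/sh -i")           # toy "malicious command" patterns


def perimeter_firewall(req: Request) -> bool:
    return any(ipaddress.ip_address(req.src_ip) in net for net in ALLOWED_SOURCES)


def network_segmentation(req: Request) -> bool:
    return req.segment in APP_SEGMENTS


def endpoint_detection(req: Request) -> bool:
    return not any(sig in req.payload.lower() for sig in EDR_SIGNATURES)


def application_authz(req: Request) -> bool:
    user = TOKENS.get(req.token or "")
    return user is not None and req.path in ROLE_PATHS.get(ROLES.get(user, ""), set())


LAYERS: list[tuple[str, Callable[[Request], bool]]] = [
    ("perimeter_firewall", perimeter_firewall),
    ("network_segmentation", network_segmentation),
    ("endpoint_detection", endpoint_detection),
    ("application_authz", application_authz),
]


def evaluate(req: Request, failed_controls: frozenset[str] = frozenset()) -> Verdict:
    """Run the layers in order and stop at the first one that blocks.

    A control named in failed_controls is treated as bypassed (it passes
    everything), modelling a misconfiguration or vulnerability in that single
    layer. Every layer emits an event, so even a bypassed layer leaves a trace.
    """
    verdict = Verdict(allowed=True, blocked_by=None)
    for name, check in LAYERS:
        if name in failed_controls:
            verdict.events.append(f"{name}: BYPASSED (control failed open)")
            continue
        try:
            ok = check(req)
        except Exception as exc:   # a crashing control fails closed, never open
            ok = False
            verdict.events.append(f"{name}: error {exc!r}")
        verdict.events.append(f"{name}: {'pass' if ok else 'BLOCK'}")
        if not ok:
            verdict.allowed = False
            verdict.blocked_by = name
            break
    return verdict


# Constructed sample traffic.
ATTACKER = Request("198.51.100.7", "internet", None, "/admin", "cmd=powershell -enc SQBFAFgA")
INSIDER = Request("203.0.113.10", "dmz-web", "tok-bob", "/admin", "report_id=42")
LEGIT = Request("203.0.113.10", "dmz-web", "tok-alice", "/reports", "report_id=42")

if __name__ == "__main__":
    for label, req, failed in [
        ("attacker, all controls healthy", ATTACKER, frozenset()),
        ("attacker, firewall failed", ATTACKER, frozenset({"perimeter_firewall"})),
        ("attacker, firewall+segmentation failed", ATTACKER,
         frozenset({"perimeter_firewall", "network_segmentation"})),
        ("valid user exceeding role", INSIDER, frozenset()),
        ("valid admin request", LEGIT, frozenset()),
    ]:
        v = evaluate(req, failed)
        print(f"{label}: allowed={v.allowed} blocked_by={v.blocked_by}")
        for line in v.events:
            print("   ", line)
```

Run it and compare the event lists: the attacker's request is stopped one layer deeper each time a control is removed, and each layer it crosses leaves an event behind, which is the telemetry a SOC uses to see the attack in progress. The insider request shows why the layers must differ in kind and not merely repeat the same check: three network-level controls legitimately pass it, and only the application's authorization layer stops it.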

CISSP Relevance

Defense in depth is a foundational principle appearing across Domain 1 (Security and Risk Management) and Domain 3 (Security Architecture and Engineering). CISSP candidates must understand how to design layered security architectures and how to articulate the strategy to stakeholders who question why multiple controls address the same threat.

External reference: CISA Layering Cyber Security Defenses

Related terms: Security Control, Network Segmentation