A layered security policy is a security strategy that uses multiple layers of protection to safeguard your network and data. It consists of multiple measures, each designed to protect against different types of threats. The goal is to ensure that the failure of any single layer does not leave your assets unprotected, because no single layer has all the answers.
The following are some examples of common layers in a layered security policy:
Physical security: Physical measures include locks on doors and windows, fences around buildings, and secure storage facilities. This layer deals with physical access to your organization’s assets.
Network security: Network-level measures include firewalls, intrusion detection systems (IDSs), and other technologies designed to guard against attacks from the Internet or from other networks. This layer deals with protecting your network from external attacks by unauthorized users or malicious code. It also deals with protecting internal resources from being accessed by unauthorized users or malicious code within your own network.
Host-based security: Host-based measures include antivirus software installed on each system in your network environment so you can detect malware before it does any damage to your system or network. This layer deals with protecting individual computers from malware infections.