Explain 'defense-in-depth' in cyberspace and give an example.

Prepare for the AFSC Cyberspace Operations Officer Exam. Engage with detailed questions and explanations to enhance your understanding and improve your exam readiness. Pass with confidence!

Multiple Choice

Explain 'defense-in-depth' in cyberspace and give an example.

Explanation:
Defense-in-depth means using multiple independent safeguards across different layers and areas—network, endpoint, data, people, and procedures—so no single control stands alone. The idea is that if one defense is bypassed or fails, others still stand in the way, making it much harder for an attacker to succeed.

An example shows how this works together: a firewall blocks unauthorized traffic at the network edge, endpoint protection (antivirus and EDR) defends each device from malware, intrusion detection systems monitor for suspicious activity and raise alerts, and user training reduces the chance of falling for phishing or social engineering. If a user clicks a malicious link, the endpoint protection may stop the malware from running, the firewall may block the connection, and the IDS can detect unusual behavior and trigger a response. This layered approach is more robust than relying on a single control, like antivirus alone or perimeter defenses only, and it reflects how defenses should operate in cyberspace.

