(ID999) INCIDENT RESPONSE - Tel: UK 0044 1732 897 601

Defence in Depth – Layered Security

Defence in depth

A practical strategy for achieving Information Assurance in today’s highly networked environments.

Defence in Depth is practical strategy for achieving Information Assurance in today’s highly networked environments. It is a “best practices” strategy in that it relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between the protection capability and cost, performance, and operational considerations.

Layered security

Layered security, also known as layered defence, describes the practice of combining multiple mitigating security controls to protect resources and data. The term bears some similarity to defence in depth, a term adopted from a military strategy that involves multiple layers of defence that resist rapid penetration by an attacker but yield rather than exhaust themselves by too-rigid tactics. As the incursion progresses, resources are consumed and progress is slowed until it is halted and turned back.

The information assurance use of the term "defence in depth" assumes more than merely technical security tools deployment; it also implies policy and operations planning, user training, physical access security measures, and direct information assurance personnel involvement in dealing with attempts to gain unauthorised access to information resources.

Information assurance

Information Assurance is achieved when information and information systems are protected against such attacks through the application of security services such as: Availability, Integrity, Authentication, Confidentiality, and Non-Repudiation.

The application of these services should traditionally be based on the Protect, Detect, and React paradigm. This means that in addition to incorporating protection mechanisms, organisations need to expect attacks and include attack detection tools and procedures that allow them to react to and recover from these attacks.

BII Compliance is however slightly different. We developed a straight forward yet comprehensive security strategy which encompasses several different aspects including prediction. Our methodology runs in order of Prediction, Prevention, Detection and Response.

Solution delivery previous 6 months

  • Advanced Malware Protection
  • Application Visibility & Control
  • High Grade Encryption
  • Converged Storage / Cloud
  • Data Management & Encryption
  • DDoS Mitigation
  • Log Monitoring & SIEM
  • Low Latency Infrastructure
  • Managed Services
  • Mobile Security & Data Transit (MDM)
  • Next Generation Firewalls Inc (NAC)
  • Unified Threat Management (UTM)
  • User Session Recording

2002 - 2013 Technology trends and future predictions

BII Compliance has investigated, designed and implemented efficient layers of defence to protect against current and emerging threats since 2002. BII relies on tier one and tier 2 technology vendors to deliver the very best solutions available in the cyber security market. BII's consultants are trained extensively and will work with your technical requirements to advise the best possible software, hardware or managed service.

We believe we are in a unique position to best direct the future interest of clients and their security environments as well as consulting them when required or called upon to do so. Using our internal client relationship management system (CRM) it has proven possible to correlate future project trends in all sectors and vertical markets. BII consultants are in daily touch with security teams, risk managers and governance officers who provide us with quarterly concerns and projects. BII use this data to predict future trends in the technology market as well as enablement of thought leadership and entrepreneurial services.

Meet with BII your future CSP

Appointing BII as your cyber security partner (CSP) adds additional layers of intelligence which an on-premise team of experts dedicated to protecting your organisation simply could not.