Summary of Defence-In-Depth Security Controls in an IT System
Information assurance (IA) refers to concepts, also called models, that have migrated from IT information systems (Blyth, 2001). An IA model has several functions in an IT system. Its primary purpose is to reduce the chance of attack or vulnerability from an IA threat. IA models also serve to reduce, as far as possible, the collateral damage when an IA attack occurs, and to provide methods and alternatives for system recovery after the attack. Different IA models exist, with different capabilities and features. Organizations or individuals should consider the cost and the probability of each model when selecting the IA model that suits them best (Blyth & Kovacich, 2006).
Defense-in-depth is an IA model that places multiple security layers or security strategies throughout an IT or computer system. This strategy is responsible for identifying and addressing IA security gaps, risks, or vulnerabilities that may affect an IT system, its technology, and its operations within its life cycle. Defense-in-depth provides multiple, redundant security measures and strategies to guard the IT system. It uses controls to delay the advance of a cyber attack on the computer system. These security controls are physical controls, technical controls, and administrative controls.
Physical controls are physical security measures that guard against security vulnerabilities, such as hiring guards and installing reinforced doors. Technical controls guard the computer network or computer resources by using specially designed software or hardware, such as anti-virus or firewalls. Administrative controls are security controls that an organization sets out as regulations for its employees or staff. Additional security measures include access measures, station defenses, perimeter defenses, and data protection. Monitoring and prevention form another set of security controls.
I have had experience with technical controls. These technical controls that I have had experience with fall in the workstation domain and the system domain. My experience with technical controls involves software that was installed in the IT systems to guard against remote cyber-attacks. This was done by installing protection software and the installation of a comprehensive firewall that guarded and protected the IT system against unauthorized access. Another example of a technical control I have had experience with is anti-virus installation to protect against viruses and malware. In my experience, I have found these controls to be a useful tool and thorough in guarding against cyber-threats.
References
Blyth, A. (2001). Basic IA concepts and models. Retrieved from https://link.springer.com/chapter/10.1007/978-1-4471-3706-1_6
Blyth, A., & Kovacich, G. L. (2006, January 1). Basic IA concepts and models. Retrieved from https://www.researchgate.net/publication/319728607_Basic_IA_Concepts_and_Models