53. What is Layered Security and why are information security policies so important today, and do you offer comprehensive I.T. security documentation?

Layered security, often mentioned in the context of Defense in Depth, is a concept whereby multiple layers of security initiatives are deployed for the purposes of protecting an organization’s critical system resources. Specifically, by utilizing a number of security tools, protocols, and features, organizations can effectively put in place layers of security that – in the aggregate – help ensure the confidentiality, integrity, and availability (CIA) of systems. It’s important to note that the main emphasis of layered security is about protection, ultimately making it a subset of Defense in Depth, which casts a much wider net on the broader subject of enterprise-wide information security. Furthermore, layered security seeks to put in place measures that compensate for possible weaknesses in other tools, but again – in the aggregate – form a comprehensive security strategy.

Examples of Layered Security and the Need for Information Security Policies

Remember, layered security is not about information security redundancy – that is, using tools to achieve the same desired output – such as using an access control card and iris recognition to enter a data center (that’s two forms of the same control – authentication and authorization). As for layered security initiatives, common examples can include the following:

  • The use of firewalls, intrusion detection systems, web application firewalls, anti-virus and anti-spam tools, as they each provide specific measures unique to one another for network security protection. 
  • Having pan-tilt-zoom (PTZ) cameras at a data center, along with comprehensive badge provisioning procedures, then the use of access control card and iris recognition the actual data center facility.

Information Security Policies | A Vital Component of Layered Security

A very important component of layered security is the ability for organizations to effectively document one’s security policies, procedures, and processes, which means putting in place comprehensive operational and information security documentation.  FLANK, a global leader in the field of information security and cyber security policy documents, offers the FLANK21 set of policies, procedures, forms, checklists, templates, and provisioning and hardening documents that’s available for purchase and immediate download. With hundreds of high-quality, professionally developed policy and procedural material – and more – the FLANK21 set of material is a must have for organizations serious about information security.

Information Security Policies for Layered Security | Hundreds More Available

Layered security can be an effective strategy for helping protect one’s information systems landscape, so long as documented information security policies and procedures are included in such a framework. Just stop and think about all the tools, solutions, and protocols used for layered security – firewalls, intrusion detection systems, anti-virus, monitoring and logging, and more – they all require documented information security policies and procedures for guidance and oversight. Your solution is the FLANK21 set of documents from FLANK.