Defense in Depth A practical strategy for achieving Information Assurance in today’s highly networked environments. Introduction. Defense in Depth is It’s also important to resist practical strategy for achieving detrimental effects from non-malicious Information Assurance in today’s highly events such as fire, flood, power outages networked environments. It is a “best and user error. practices” strategy in that it relies on the Information Assurance. Information intelligent application of techniques and Assurance is achieved when information technologies that exist today. The and information systems are protected strategy recommends a balance between against such attacks through the the protection capability and cost, application of security services such as: performance, and operational Availability, Integrity, Authentication, considerations. This paper provides an Confidentiality, and Non-Repudiation. overview of the major elements of the The application of these services should strategy and provides links to resources be based on the Protect, Detect, and that provide additional insight. React paradigm. This means that in addition to incorporating protection Adversaries, Motivations, Classes mechanisms, organizations need to of Attack.