Difference between revisions of "Defence-in-Depth"
(→EU COM (2013)343) |
(→References) |
||
(4 intermediate revisions by the same user not shown) | |||
Line 10: | Line 10: | ||
=== National Definitions === | === National Definitions === | ||
====[[Belgium]]==== | ====[[Belgium]]==== | ||
− | {{definition|[Nuclear] "verdediging in de diepte": een hiërarchische inzet van verschillende niveaus van diverse apparatuur en procedures om de escalatie van verwachte operationele gebeurtenissen te voorkomen en de doeltreffendheid van de fysieke barrières, die geplaatst zijn tussen een stralingsbron of een radioactief materiaal en de werkers, het publiek en de lucht, het water en de bodem, te handhaven in gewone bedrijfsomstandigheden en, wat sommige barrières betreft, in ongevalssituaties. <ref>[http://docs.vlaamsparlement.be/eudocs/2016/COM_2013_343_NL.pdf EU RICHTLIJN VAN DE RAAD | + | {{definition|[Nuclear] "verdediging in de diepte": een hiërarchische inzet van verschillende niveaus van diverse apparatuur en procedures om de escalatie van verwachte operationele gebeurtenissen te voorkomen en de doeltreffendheid van de fysieke barrières, die geplaatst zijn tussen een stralingsbron of een radioactief materiaal en de werkers, het publiek en de lucht, het water en de bodem, te handhaven in gewone bedrijfsomstandigheden en, wat sommige barrières betreft, in ongevalssituaties. <ref>[http://docs.vlaamsparlement.be/eudocs/2016/COM_2013_343_NL.pdf EU RICHTLIJN VAN DE RAAD houdende wijziging van Richtlijn 2009/71/EURATOM tot vaststelling van een communautair kader voor de nucleaire veiligheid van kerninstallaties COM 2013/343]</ref>}}<br/><br/> |
− | houdende wijziging van Richtlijn 2009/71/EURATOM tot vaststelling van een communautair kader voor de nucleaire veiligheid van kerninstallaties COM 2013/343]</ref>}}<br/><br/> | + | |
==== [[Canada]] ==== | ==== [[Canada]] ==== | ||
{{definition|Defence-in-depth: An IT security concept (also known as the Castle Approach) in which multiple layers of security are used to protect the integrity of information. These layers can include antivirus and antispyware software, firewalls, hierarchical passwords, intrusion detection, and biometric identification. <ref>[https://www.cyber.gc.ca/en/glossary Glossary - Canadian Centre for Cyber Security]</ref><br/><br/>Défense en profondeur: Mesure de sécurité des TI consistant à établir de multiples couches de protection pour assurer l’intégrité de l’information. Ces couches de protection sont généralement constituées de logiciels antivirus, d’anti logiciels espions, de coupe feu, de mots de passe hiérarchiques, de mesures de détection des intrusions et de données biométriques. <ref>[https://www.cyber.gc.ca/fr/glossaire Glossaire - Centre Canadien pour la Cybersécurité]</ref>}} | {{definition|Defence-in-depth: An IT security concept (also known as the Castle Approach) in which multiple layers of security are used to protect the integrity of information. These layers can include antivirus and antispyware software, firewalls, hierarchical passwords, intrusion detection, and biometric identification. <ref>[https://www.cyber.gc.ca/en/glossary Glossary - Canadian Centre for Cyber Security]</ref><br/><br/>Défense en profondeur: Mesure de sécurité des TI consistant à établir de multiples couches de protection pour assurer l’intégrité de l’information. Ces couches de protection sont généralement constituées de logiciels antivirus, d’anti logiciels espions, de coupe feu, de mots de passe hiérarchiques, de mesures de détection des intrusions et de données biométriques. <ref>[https://www.cyber.gc.ca/fr/glossaire Glossaire - Centre Canadien pour la Cybersécurité]</ref>}} | ||
Line 31: | Line 31: | ||
==== [[United States]]==== | ==== [[United States]]==== | ||
===== [[NIST]]===== | ===== [[NIST]]===== | ||
− | {{definition|Defense-in-Depth is an [[Information Security|information security]] strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}}<br/><br /> | + | {{definition|Defense-in-Depth is an [[Information Security|information security]] strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. <ref>[http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)]</ref>}}<br/> |
+ | =====[[Financial Stability Board]]===== | ||
+ | {{definition|Defence-in-Depth: security strategy integrating people, processes and technology to establish a variety of barriers across multiple layers and dimensions of the organisation. <ref>[https://www.fsb.org/wp-content/uploads/P121118-1.pdf Financial Stability Board, Cyber Lexicon (Nov. 12, 2018)]</ref>}}<br/><br /> | ||
+ | |||
===Standard Definition=== | ===Standard Definition=== | ||
==== [[ISA|ISA-62443-1-1]] ==== | ==== [[ISA|ISA-62443-1-1]] ==== | ||
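Review bot: The new `=====[[Financial Stability Board]]=====` heading is a level-5 heading placed directly after `===== [[NIST]]=====`, so it renders as a sub-entry of `==== [[United States]]====` under National Definitions. The Financial Stability Board is an international body and its Cyber Lexicon is not a US national definition; move the heading and its definition up to the International Definitions section, and match the heading spacing used by the neighbouring entries.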
Line 40: | Line 43: | ||
{{definition|Defense-in-depth: A principle for building systems stating that multiple defensive mechanisms at different layers of a system are usually more secure than a single layer of defense. <ref>[https://www.owasp.org/index.php/Glossary OWASP Glossary]</ref>}}<br/><br/> | {{definition|Defense-in-depth: A principle for building systems stating that multiple defensive mechanisms at different layers of a system are usually more secure than a single layer of defense. <ref>[https://www.owasp.org/index.php/Glossary OWASP Glossary]</ref>}}<br/><br/> | ||
+ | === [[Dictionary]]=== | ||
+ | {{definition|Defense in depth: Meerlaagse/gelaagde beveiliging: Achter elkaar schakelen van beveiligingsmaat�regelen, zodat als er één faalt, de anderen een aanval alsnog tegenhouden. <ref>[https://www.cybersecurityalliantie.nl/ecp_images/2021/12/Cybersecurity-Woordenboek-2021_ZonderSpreads.pdf Cybersecurity Woordenboek 2021]</ref>}}<br/><br/> | ||
+ | {{#set:defined by=Dictionary}} | ||
==See also== | ==See also== | ||
* [[Cyber Security]] | * [[Cyber Security]] | ||
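Review bot: The added Dictionary definition contains a replacement character in "beveiligingsmaat�regelen", probably a hyphenation character lost when the text was copied from the source; it should read "beveiligingsmaatregelen". The entry is also Dutch only, so an English rendering next to it would match how the Canada entry presents both languages. The standalone `{{#set:defined by=Dictionary}}` would be easier to maintain if it were folded into the existing `{{#set:defined by=...}}` call at the bottom of the page.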
Line 45: | Line 51: | ||
==Notes== | ==Notes== | ||
+ | |||
+ | ==References== | ||
<references /> | <references /> | ||
− | |||
− | |||
− | |||
[[Category:Security]] | [[Category:Security]] | ||
− | {{#set:defined by=IAEA|defined by=EU|defined by=Belgium|defined by=Canada|defined by=Hong Kong|defined by=Oman|defined by= Philippines|defined by=United Arab Emirates|defined by=United States|defined by=NIST|defined by=OWASP|defined by=ISA}} | + | {{#set:defined by=IAEA|defined by=EU|defined by=Belgium|defined by=Canada|defined by=Hong Kong|defined by=Oman|defined by= Philippines|defined by=United Arab Emirates|defined by=United States|defined by=NIST|defined by=OWASP|defined by=ISA|defined by=Financial Stability Board}} |
{{#set: Showmainpage=Yes}} | {{#set: Showmainpage=Yes}} |
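Review bot: The added `==References==` heading leaves `==Notes==` directly above it with nothing under it, so the page renders an empty Notes section. Either drop the Notes heading or keep `<references />` under it and omit the new heading.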
Latest revision as of 22:08, 25 May 2023
Definitions
International Definitions
EU COM (2013)343
[Nuclear] ‘Defence-in-depth’ means a hierarchical deployment of different levels of diverse equipment and procedures to prevent the escalation of anticipated operational occurrences and to maintain the effectiveness of physical barriers placed between a radiation source or radioactive material and workers, members of the public or the air, the water and the soil, in operational states and, for some barriers, in accident conditions. [1]
IAEA
Defence in depth is implementing several layers of defence, including both administrative aspects (procedures, instructions, sanctions, access control rules, confidentiality rules) and technical aspects (multiple layers of protection together with measures for detection and delay) that adversaries would have to overcome or circumvent to achieve their objectives. [2]
Defence in depth is the combination of multiple layers of systems and measures that have to be overcome or circumvented before nuclear security is compromised.
National Definitions
Belgium
[Nuclear] "verdediging in de diepte" (defence in depth): a hierarchical deployment of different levels of diverse equipment and procedures to prevent the escalation of anticipated operational occurrences and to maintain the effectiveness of the physical barriers placed between a radiation source or radioactive material and the workers, the public and the air, the water and the soil, in normal operating conditions and, for some barriers, in accident situations. [3]
Canada
Defence-in-depth: An IT security concept (also known as the Castle Approach) in which multiple layers of security are used to protect the integrity of information. These layers can include antivirus and antispyware software, firewalls, hierarchical passwords, intrusion detection, and biometric identification. [4]
Défense en profondeur (French-language entry): An IT security measure that consists of establishing multiple layers of protection to ensure the integrity of information. These layers of protection generally consist of antivirus software, anti-spyware software, firewalls, hierarchical passwords, intrusion detection measures, and biometric data. [5]
Hong Kong
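縱深防禦 (Chinese-language entry): Defence-in-depth is the use of multiple layers of information security measures to provide protection when a single security component fails.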
Defence-in-Depth is the approach of using multiple layers of security to guard against failure of a single security component. [6]
Oman
Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component. [7]
Philippines
Defence in Depth (DID): The application of multiple security measures that span multiple domains (physical, personnel, technical, etc.) to protect an asset or data or system. [8]
United Arab Emirates
United States
NIST
Defense-in-Depth is an information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. [10]
Financial Stability Board
Defence-in-Depth: security strategy integrating people, processes and technology to establish a variety of barriers across multiple layers and dimensions of the organisation. [11]
Standard Definition
ISA-62443-1-1
Defense-in-depth is the provision of multiple security protocols, especially in layers, with the intent to delay if not prevent an attack. [12]
Other definitions
OWASP
Defense-in-depth: A principle for building systems stating that multiple defensive mechanisms at different layers of a system are usually more secure than a single layer of defense. [13]
Dictionary
Defense in depth: Multi-layered/layered security: chaining security measures one after another, so that if one fails, the others still stop an attack. [14]
See also
Notes
References
1. COUNCIL DIRECTIVE amending Directive 2009/71/EURATOM establishing a Community framework for the nuclear safety of nuclear installations COM (2013)343
2. IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
3. EU RICHTLIJN VAN DE RAAD houdende wijziging van Richtlijn 2009/71/EURATOM tot vaststelling van een communautair kader voor de nucleaire veiligheid van kerninstallaties COM 2013/343
4. Glossary - Canadian Centre for Cyber Security
5. Glossaire - Centre Canadien pour la Cybersécurité
6. Information Security Glossary
7. Oman CERT Glossary
8. NHS Cyber security glossary
9. Abu Dhabi Safety and Security Planning Manual
10. NIST Special Publication 800-53 Rev 4: Security and Privacy Controls for Federal Information Systems and Organizations (April 2013)
11. Financial Stability Board, Cyber Lexicon (Nov. 12, 2018)
12. ISA99 Committee Master Glossary.
13. OWASP Glossary
14. Cybersecurity Woordenboek 2021