Which aspect is a key component of “defense in depth”?

Implementing multiple security layers is a fundamental principle of "defense in depth." This approach enhances the security of an organization's systems by employing various protective strategies and controls at different levels. By layering security measures—such as firewalls, intrusion detection systems, encryption, access controls, and employee training—an organization creates a more resilient security posture. If one layer fails, others remain to provide protection, effectively reducing the likelihood of a successful attack and minimizing potential damage.

This multi-layered strategy not only addresses different types of threats but also helps manage risk more effectively by ensuring that multiple barriers must be breached before an attacker can reach sensitive data or critical systems. It reflects a holistic awareness of cybersecurity, acknowledging that threats can come from various sources and that a single line of defense is often insufficient to safeguard against them.

In contrast, relying solely on a single firewall, using only encrypted communication, or focusing exclusively on software solutions do not provide the comprehensive and integrated security framework needed to adequately protect against evolving cyber threats. Each of these options represents a potential vulnerability, as they lack the redundancy and breadth of defense that characterize a "defense in depth" strategy.