---
type: "term"
title: "Defense-in-Depth"
description: "A security strategy employing multiple layers of controls so that if one layer fails, another provides protection."
resource: "tlctc:term:defense-in-depth"
tags:
  - "glossary"
---
# Defense-in-Depth

A security strategy employing multiple layers of controls so that if one layer fails, another provides protection. In TLCTC, defense-in-depth means implementing controls at multiple points along potential attack paths, as both Local Controls (specific systems) and Umbrella Controls (groups of systems), and across the NIST CSF functions (Identify, Protect, Detect, Respond, Recover) for each relevant threat cluster. Because threat clusters interact (e.g., `#9` potentially circumventing `#4` controls), a holistic, defense-in-depth approach is necessary.

**Reference:** V1.9.1 §The Anatomy of Risk

See also: Local Controls, Umbrella Controls, Control
