[[File:Defense In Depth - Onion Model.svg|thumb|right|The [[onion model]] of defense in depth]]
Information security must protect information throughout its lifespan, from the initial creation of the information on through to the final disposal of the information.<ref>{{Cite journal|date=1998-05-06|title=Residents Must Protect Their Private Information|journal=JAMA|volume=279|issue=17|pages=1410B|doi=10.1001/jama.279.17.1410|issn=0098-7484|doi-access=free}}</ref> The information must be protected while in motion and while at rest. During its lifetime, information may pass through many different information processing systems and through many different parts of information processing systems.<ref>{{Cite journal|date=2008|journal=Issues in Information Systems|doi=10.48009/2_iis_2008_343-350|issn=1529-7314|doi-access=free|title=Group Wisdom Support Systems: Aggregating the Insights of Many Through Information Technology}}</ref> There are many different ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms.<ref>{{Citation|title=INTERDEPENDENCIES OF INFORMATION SYSTEMS|url=http://dx.doi.org/10.2307/j.ctt1xhr7hq.13|work=Lessons Learned: Critical Information Infrastructure Protection|year=2018|pages=34–37|publisher=IT Governance Publishing|doi=10.2307/j.ctt1xhr7hq.13|isbn=978-1-84928-958-0|access-date=2021-05-29}}</ref> The building up, layering on, and overlapping of security measures is called "defense in depth."<ref>{{Citation|title=Managing Network Security|date=2003-10-27|url=http://dx.doi.org/10.1201/9780203508046-3|work=Network Perimeter Security|pages=17–66|publisher=Auerbach Publications|doi=10.1201/9780203508046-3|isbn=978-0-429-21157-7|access-date=2021-05-29}}</ref> In contrast to a metal chain, which is famously only as strong as its weakest link, theThe defense in depth strategy aims at a structure where, should one defensive measure fail, other measures will continue to provide protection.<ref name="VaccaComputer13">{{cite book |chapter-url=https://books.google.com/books?id=zb916YOr16wC&pg=PA546 |chapter=Chapter 31: What is Vulnerability Assessment? |title=Computer and Information Security Handbook |author=Kakareka, A. |editor=Vacca, J.R. |publisher=Elsevier |edition=2nd |pages=541–552 |year=2013 |isbn=9780123946126}}</ref>
Recall the earlier discussion about administrative controls, logical controls, and physical controls. The three types of controls can be used to form the basis upon which to build a defense in depth strategy.<ref name="Administrative Controls">{{Citation|title=Administrative Controls|date=2003-03-26|url=http://dx.doi.org/10.1201/9780203507933-6|work=Occupational Ergonomics|pages=443–666|publisher=CRC Press|doi=10.1201/9780203507933-6|isbn=978-0-429-21155-3|access-date=2021-05-29}}</ref> With this approach, defense in depth can be conceptualized as three distinct layers or planes laid one on top of the other.<ref>{{Cite journal|last1=Duke|first1=P. A.|last2=Howard|first2=I. P.|date=2012-08-17|title=Processing vertical size disparities in distinct depth planes|journal=Journal of Vision|volume=12|issue=8|pages=10|doi=10.1167/12.8.10|pmid=22904355|issn=1534-7362|doi-access=free}}</ref> Additional insight into defense in depth can be gained by thinking of it as forming the layers of an onion, with data at the core of the onion, people the next outer layer of the onion, and [[network security]], host-based security, and [[application security]] forming the outermost layers of the onion.<ref>{{Cite book|chapter=Security Onion Control Scripts|date=2014|chapter-url=http://dx.doi.org/10.1016/b978-0-12-417208-1.09986-4|title=Applied Network Security Monitoring|pages=451–456|publisher=Elsevier|doi=10.1016/b978-0-12-417208-1.09986-4|isbn=978-0-12-417208-1|access-date=2021-05-29}}</ref> Both perspectives are equally valid, and each provides valuable insight into the implementation of a good defense in depth strategy.<ref>{{Cite journal|title=Metabolomics Provides Valuable Insight for the Study of Durum Wheat: A Review|url=http://dx.doi.org/10.1021/acs.jafc.8b07097.s001|access-date=2021-05-29|doi=10.1021/acs.jafc.8b07097.s001|first1=Sergio |last1=Saia|first2=Mariagiovanna |last2=Fragasso|first3=Pasquale De |last3=Vita|first4=Romina |last4=Beleggia|journal=Journal of Agricultural and Food Chemistry}}</ref>
