The idea behind the defense in depth approach is to defend a system against any particular attack using several independent methods.<ref name=schneier2006>[https://www.schneier.com/blog/archives/2006/02/security_in_the.html Schneier on Security: Security in the Cloud]</ref> It is a layering tactic, conceived<ref>{{citationCite neededweb|datetitle=AprilSome principles of secure design. Designing Secure Systems module Autumn PDF Free Download|url=https://docplayer.net/17241198-Some-principles-of-secure-design-designing-secure-systems-module-autumn-2015.html|access-date=2020-12-12|website=docplayer.net}}</ref>. by the [[National Security Agency]] (NSA) as a comprehensive approach to information and electronic security.<ref name=nsa1>[https://www.nsa.gov/ia/_files/support/defenseindepth.pdf Defense in Depth: A practical strategy for achieving Information Assurance in today’s highly networked environments.]</ref><ref name=owasp1>[https://www.owasp.org/index.php/Defense_in_depth OWASP Wiki: Defense in depth] {{unreliable source?|date=April 2012}}</ref> The term defense in depth in computing is inspired by a military [[strategy]] of [[Defence in depth|the same name]], but is quite different in concept. The military strategy revolves around having a weaker perimeter defense and intentionally yielding space to buy time, envelop, and ultimately counter-attack an opponent, whereas the information security strategy simply involves multiple layers of controls, but not intentionally ceding ground (''cf.'' [[Honeypot_(computing)|honeypot.]])
