Last week I was down at Pace University in New York City where I gave the opening keynote talk for a high school computer forensics competition. I had a very attentive audience for my talk but I also I really enjoyed seeing/hearing the presentations the students did for the competition. There was clearly a lot of work and a lot of learning going on. One of the things I talked about in my talk, which was generally about defensive actions to protect software in general and operating systems in particular, was Defense in Depth. I only spent a short time on it but it was clear to me that I could have spent a lot more time on it. As regular readers know I believe that students in computer science should start learning about security early.
Just by coincidence, this week, I received the regular security newsletter that Microsoft sends out and there was a reference to an article by Kai Axford, a Senior Security Strategist with the Microsoft Trustworthy Computing Group, on this very topic. In this article Kai talks about Seven Layers of defense in depth:
It’s not a long article but there is a lot of good information and a good start to a serious discussion about software as part of a complete system and what it means to keep things safe. And if you want more, you can find Kai’s highly rated on-demand videos here.