“The Eyrie is impregnable. You saw for yourself. No enemy could ever reach us up here.” — A Game of Thrones, Catelyn VI

The Bloody Gate is the first line of defense of the Eyrie, an ancient castle perched several thousand feet above the Vale of Arryn. A dozen armies have been smashed to bits upon the Gate.

In the unlikely event you breach the Bloody Gate, you’ll meet the Gates of the Moon, followed by not one, but three waycastles: Stone, Snow, and Sky—each with high stone walls capped with iron spikes and guard towers. While you lead your attack single-file up the narrow and treacherous mountain path, no wider than a goat trail, defenders reign boulders down from above.

That’s what I’d call layered security. Although the Eyrie is from a fantasy novel, many medieval castles were built with multi-tiered defenses. If one layer is penetrated, all is not lost. Eggs. Baskets. You get it.

Fast-forward thousands of years and the philosophy of layered security (used interchangeably with “defense in depth”) is critical to information security.

6 Layers of Information Security

Often times you’ll hear someone say, “you need a layered approach!” Well, yeah! Even a first-time CISO knows as much. But where does one begin? What are the different layers and what are some common strategies and tech for each layer?

This guide will cover each of the following 6 layers in-depth:

  1. Human
  2. Physical
  3. Endpoint
  4. Network
  5. Application
  6. Data

Note: this guide does not cover every possible security technology or approach. The goal is to give you a deep yet easy-to-digest tour of the most common corners of information security ecosystem. Everyone’s security needs are unique. You should assess your risk and pick the right processes and tools for the job.