Certified Information Privacy Technologist (CIPT) — Question 238
Which of the following is the primary purpose of implementing “defense in depth” as a security concept in an organization?
Answer options
- A. To manage incidents through multiple nodes of escalation
- B. To create multiple layers of security controls to prevent unauthorized access
- C. To ensure compliance with privacy regulations through strong security measures
- D. To monitor and detect security incidents in real-time to minimize privacy breaches
Correct answer: B
Explanation
The correct answer, B, reflects the essence of "defense in depth": implementing multiple layers of security controls to protect against unauthorized access. Options A, C, and D, while related to security practices, do not capture this primary intent of layered defenses.