ISA/IEC 62443 Cybersecurity Fundamentals Specialist — Question 51

What is the definition of “defense in depth” when referring to cybersecurity?

Answer options

• A. Using countermeasures that have intrinsic technical depth.
• B. Aligning all resources to provide a broad technical gauntlet
• C. Requiring a minimum distance requirement between security assets
• D. Applying multiple countermeasures in a layered or stepwise manner

Correct answer: D

Explanation

'Defense in depth' refers to the strategy of applying multiple layers of security controls to protect information. This approach enhances security by ensuring that if one layer fails, others will still provide protection. The other options do not accurately capture the layered approach or the essence of the strategy.