Also called Multi-Level Security — the principle of stacking independent security layers so that failure at any one layer does not mean total compromise.
No single control stops every attacker. Defence in Depth creates multiple independent barriers — each one the attacker must breach before reaching the target. Even if one layer fails, the remaining layers continue to protect. The combination is exponentially more effective than any single control alone.
First line of defence. Many threats stopped here before reaching the building.
Those who bypass the gate still face a locked entrance requiring access credentials.
Detection and deterrence layer — even if physical controls fail, activity is recorded.
Separate access control for high-value areas within the already-protected building.
Final layer protecting the most sensitive assets — even from those inside the room.
The Goal: No single layer is expected to be impenetrable. Each layer raises the cost, time, and skill required to reach the next one. The cumulative effect stops most attackers entirely — and slows, detects, or contains those who make it further. Defence in Depth is also directly tied to ISO/IEC 19249's Layering architectural principle.