LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Which elements make up a Defence-in-Depth strategy according to the IKT Minimalstandard?

Nine layers, from risk management through network and host security down to the human element — so that no single failing control causes a breach.

Element Examples
Risk-Management-Programm Risk profile, accurate inventory of ICT assets
Cybersecurity-Architektur Standards, guidelines, defined procedures
Physische Sicherheit Protection of end devices, control rooms, access controls, CCTV, barriers
Netzwerk-Architektur Security zones, DMZ (demilitarized zones), virtual LANs
Netzwerk-Perimeter-Security Firewalls, remote access & authentication, jump servers/hosts
Host Security Patch & vulnerability management, endpoints, virtual devices
Security-Überwachung Intrusion detection systems, security audit logging, event monitoring
Vendor Management Supply-chain monitoring, managed services/outsourcing, cloud usage
Das Element Mensch Policies, procedures, training and awareness

The core idea: controls overlap like layers of an onion — an attacker who slips past the perimeter still faces network segmentation, hardened hosts, monitoring, and alert humans.

Tip: Notice the first and last layers are not technical (risk management; humans). Defence in depth ≠ stacking firewalls — it spans governance, physics, technology, suppliers, and people.

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jul 14, 2026