Question #1
Defense in depth is the use of multiple defense mechanisms in a layered format to protect internal systems, data, and users on a network infrastructure. A defense-in-depth strategy must use multiple defense systems that act in a fail-safe manner. The strategy includes security policies that protect both business and employee information. The policies are a set of rules, compliance requirements, and enforcement measures, and they provide authorization levels for various network activities. Some of the layers of a defense-in-depth strategy are the authorization layer, the firewall layer, intrusion detection, content filtering, and the data encryption layer (Straub, 2003).

The defense-in-depth strategy is a perfect example of using different security controls and a combination of security factors to improve network security. A variety of hardware and software security controls can be implemented for overall security. Hardware security consists of using secured network equipment such as switches, routers, and WLAN equipment with embedded security. Software-based security controls include firewalls, antivirus, and spam filters (Straub, 2003).

Question #2
An IT governance model helps deliver the organization's business value and enhances confidence in doing business with the organization. It ensures the adoption of emerging technologies, such as cloud, analytics, mobility, and security, in order to drive innovation in the business and enhance collaboration among the various business units. It is a comprehensive model that covers all aspects, including regulations, compliance, corporate and industry standards, and security. The major benefits of an IT governance model include strategic alignment, value delivery, prioritization, and improved performance with high-quality output.
The IT governance model ensures alignment of IT security standards with the organizational security policies, drives compliance and consistency of security measures, and ensures risk management ("Maximizing Business Value Through Effective IT Governance", 2013).
Security blueprints provide visual information about the security needs of an organization. A security blueprint consists of strategies, assumptions, influential factors, opportunities, and desired results based upon the organizational needs. It provides the solutions, best practices, and a guide covering all the security aspects of the organization, and it takes a layered approach to security solutions for the organization ("Cisco SAFE: A Security Blueprint for Enterprise Networks", 2000).
References
Cisco SAFE: A Security Blueprint for Enterprise Networks. (2000). cisco.com. Retrieved 20 May 2016, from http://www.cisco.com/c/dam/en/us/products/collateral/wireless/mobile-office-net-software/product_implementation_design_guide09186a00800a3016.pdf
Maximizing Business Value Through Effective IT Governance. (2013). cognizant.com. Retrieved 20 May 2016, from https://www.cognizant.com/InsightsWhitepapers/Maximizing-Business-Value-Through-Effective-IT-Governance.pdf
Straub, K. (2003). Information Security Managing Risk with Defense in Depth. Sans.org. Retrieved 20 May 2016, from https://www.sans.org/reading-room/whitepapers/infosec/information-security-managing-risk-defense-in-depth-1224