A security strategy that employs multiple layers of defense measures across an organization’s technical and procedural boundaries. It is designed to slow down an attack’s progress and provide redundant protective measures in case one system fails or is compromised. This includes not just technical controls like firewalls, antivirus software, and intrusion detection systems but also administrative controls like security policies, training, and physical controls like surveillance and secure locks. The concept is based on a military strategy with the same name, where a series of defensive mechanisms are layered to protect valuable assets. Multiple, complimentary, overlapping security measures.