A strategy for achieving information assurance in which multiple layers of security controls (defenses) are placed throughout an information technology (IT) system.

"Defense in depth involves the use of physical, technical, and administrative controls to protect against threats from various angles."