Page 598 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
applying appropriate safeguards. These can (and do) range from technology solutions and controls to policies and procedures that manage risk and seek to limit or avoid losses, damage, unwanted disclosure, and so on.
A reasonable understanding of countermeasure principles is always important when responding to vulnerabilities and threats. Some specific countermeasure principles are discussed in Chapter 2, “Personnel Security and Risk Management Concepts,” in the section “Risk Management.” But a common general principle is that of defense in depth. Defense in depth is a common security strategy used to provide a protective multilayer barrier against various forms of attack. It’s reasonable to assume that there is greater difficulty in passing bad traffic or data through a network heavily fortified by a firewall, an IDS, and a diligent administration staff than through one with a firewall alone. Why shouldn’t you double up your defenses? Defense in depth (aka multilayered defense and diversity of defense) is the use of multiple types of access controls in literal or theoretical concentric circles. This form of layered security helps an organization avoid a monolithic security stance. A monolithic or fortress mentality is the belief that a single security mechanism is all that is required to provide sufficient security. Unfortunately, every individual security mechanism has a flaw or a workaround just waiting to be discovered and abused by a hacker. Only through the intelligent combination of countermeasures is a defense constructed that will resist significant and persistent attempts at compromise.
Cloud-Based Systems and Cloud Computing
Cloud computing is the popular term referring to a concept of computing where processing and storage are performed elsewhere over a network connection rather than locally. Cloud computing is often thought of as Internet-based computing or remote virtualization. Ultimately, processing and storage still occur on computers somewhere, but the distinction is that the local operator no longer needs to have that capacity or capability locally. This also allows a larger group of users to leverage cloud resources on demand. From the end-user perspective, all the work of computing is now performed “in