The entity defends its networks by using appropriate prevention controls, technologies and techniques designed to render an attack by a network assailant improbable or impossible. The entity uses a layered defense-in-depth approach to ensure that its systems are defended against risk, and that the basic tenets of information security are designed into the network’s protections.
In essence, the Defend Spectrum is the use of traditional defense-in-depth methods to assure the network from the perspective of preventive controls and technologies.
The attacker will attempt to assail the network. At a minimum, there should be defenses designed into the network to control for simple entry: the physical analogues are doors with locks, and the logical analogue is the firewall. Other standard defense-in-depth approaches include identity and access management methods, ring traversal protections in the trusted computing base, vulnerability and patch management, and general monitoring such as intrusion detection systems. All networks connected to the Internet should use the Defend Spectrum activities at a minimum.